Remove noise file generation code
Noise file does not actually need to have random data because
NSS does not actually use this data. Certutil still needs
the file though, so we will put dummy data in there. This
solves potential problems with the random() method used and also
issues like BZ 1244382
The replicationdb password is an instance parameter and should
be created by the first subsystem in the instance. This should
happen independently of whether replication is being set up
in case it is needed to set up replication (as a master) later.
As IPA figured out when trying out setupReplication=False, failure
to set the replication password in the first subsystem
ends up breaking instance restart because of password checks on startup.
Please review these simple patches (10.2.6 and 10.2.7) modified from
Tomas Radej's original for this bug:
* Bugzilla Bug #1246620 - [PATCH] Please depend on
Once ACKS are received, I will spin a f23 and f24 rawhide builds of
the patch fixes #1374. It feels wrong to fix the bug in Python space. I
have addressed my concerns in
According to https://www.openssl.org/docs/apps/pkcs7.html a PEM PKCS7
message can be wrapped in either BEGIN PKCS7/END PKCS7 or in BEGIN
CERTIFICATE/END CERTIFICATE. Barbican uses BEGIN CERTIFICATE in the file
Let's do that, too.
A fix for pki.cert.CertData is trivial. However I'm not sure if that is
the best place to add the wrapping header and footer. It may be a better
idea to fix it once and for all at the root in
This patch will be for Dogtag 10.2.7, and is still in preliminary
testing. I'm posting mostly so that folks can take a look at whats
coming and see whether it meets what is needed for IPA et. al.
The is for ticket 1414.
The instruction to setup secure LDAP connection in the pkispawn
man page has been updated. The sample deployment configuration
file has been made more generic. The setup-ds.pl has been removed
from the instruction since generating a self-signed certificate
requires a DS admin server. The URL to download setupssl2.sh has
been changed with a more direct link. The sample LDAP password
has been changed to match the current deployment configuration
examples. Some paragraphs have been line wrapped to simplify man
Endi S. Dewata