Re: [Pki-devel] [PATCH] 0120..0121 Remove pki-ipa-retrieve-key script
On 5/31/2016 11:45 PM, Fraser Tweedale wrote:
G'day comrades,
Please review the attached two patches, which...
(Patch 0120)
- provide for passing of configuration (from CS.cfg) to KeyRetriever
implementations
- generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever,
which executes a configured executable rather than a hardcoded one
(Patch 0121)
- remove pki-ipa-retrieve-key script; it is being moved to FreeIPA
repo
Cheers,
Fraser
ACK.
Separate issue. Instead of returning multiple binary attributes
delimited with 0 byte through standard output, it might be better to use
JSON file instead. So the command can be defined something like this:
features.authority.keyRetrieverConfig.exec=/usr/libexec/pki-ipa-retrieve-key
-o {output}
The ExternalProcessKeyRetriever will replace the {output} with a
temporary file, then later parse the result from that file.
--
Endi S. Dewata