pushed per Endi's verbal conditional ack:
commit 078dfc1f01dea30800f19eed6df4ed547edffee3
thanks!!
Christina
On 07/14/2016 08:45 PM, Endi Sukma Dewata wrote:
On 7/12/2016 8:27 PM, Christina Fu wrote:
> man page for AuditVerify
>
>
https://fedorahosted.org/pki/ticket/2246
Some comments/questions:
1. I think the -P option is unlikely to be used. Can we remove this
option in the future?
2. In the description for the -a option, there's a missing space
before the left parenthesis:
... paths(in chronological order) ...
3. Do we assume the auditor to have access to the machine running
the PKI server? Does the auditor have read access to the files in
the instance folder?
4. Normally the server does not export the system certificate into
files, so the admin has to do that before the auditor can import the
file with this command:
certutil -d ~jsmith/auditVerifyDir/ -A -n "CA Certificate" -t "CT,CT,CT" -a -i /var/lib/instance_ID/alias/cacert.txt
I think we should replace the path with "-i cacert.txt". Here we're
assuming the auditor already has the certificate file.
5. Similarly, the path to the audit certificate file should be
replaced with "-i logsigncert.txt":
certutil -d ~jsmith/auditVerifyDir -A -n "Log Signing Certificate"-t ",,P" -a -i /var/lib/instance_ID/alias/logsigncert.txt
6. There should be a space before the -t in #5.
7. The following phrase assumes the auditor has write access to
/etc/audit, is that the case? Or do we expect someone else to prepare
the file for the auditor?
... this file could be logListFile in the /etc/audit directory ...
8. The database path in the description does not match the command:
... in the user home directory, such as /home/smith/.mozilla, ...
AuditVerify -d ~jsmith/auitVerifyDir ...
9. The "auditVerifyDir" is misspelled in #8.
10. When viewed using the man tool, the quotes surrounding
"auditsigningcert" disappear, causing an extra space before the comma:
... and the signing certificate nickname is auditsigningcert , ...
11. The "auditsigningcert" nickname is inconsistent with the "Log
Signing Certificate" used in #5.
12. The explanation for the verification failure in the following
ticket is not included yet:
https://fedorahosted.org/pki/ticket/2217
Is it going to be added in a separate patch?