Edns certs stage2 w initramfs r9 #6094
Conversation
rvykydal
force-pushed
the
edns-certs-stage2-w-initramfs-r9
branch
from
b356d48 to
5bd3098
Compare
Kickstart %certificate section is used. Submodule, data structures, parsing. Resolves: RHEL-61430 Patch modified by rvykydal.
Unlike the %packages section where the data of all sections are merged into single data object the %certificates section holds the per instance section data in a list. Related: INSTALLER-61430
Resolves: RHEL-61430
Resolves: RHEL-61430
The certificates imported in initramfs are already imported earlier by a service. Resolves: RHEL-61430
Resolves: RHEL-61430
Resolves: RHEL-61430
In case they are needed or processed by package scriptlets Resolves: RHEL-61430
Resolves: RHEL-61430
rvykydal
force-pushed
the
edns-certs-stage2-w-initramfs-r9
branch
2 times, most recently
from
f77f727 to
1c58b68
Compare
rvykydal
changed the title
|
All the current unit-test failures are due to missing updated pykickstart. |
|
Today pykickstart should go into nigthtly compose and we can run kickstart tests then. |
| @@ -60,9 +67,17 @@ def __init__(self): | |||
| self.realm_changed = Signal() | |||
| self._realm = RealmData() | |||
|
|
|||
| def _add_module(self, security_module): | |||
| """Add a base kickstart module.""" | |||
There was a problem hiding this comment.
Is this correct ? Looks like a copy-paste leftover on the first glance. ;-)
There was a problem hiding this comment.
I just followed the existing code in storage module:
.Since rhel 10 we have SubmoduleManager which provides the method so this patch is specific to rhel-9 branch. That said I'd leave it as it is.
| mkdirChain(dst_dir) | ||
|
|
||
| dst = join_paths(dst_dir, cert.filename) | ||
| with open(dst, 'w') as f: |
There was a problem hiding this comment.
Maybe we should specify the text mode explicitly ? Eq. wt to make it apparent that we are writing text data right now.
There was a problem hiding this comment.
I'd suggest this as upstream patch first.
| dst_dir, cert.filename) | ||
| mkdirChain(dst_dir) | ||
|
|
||
| dst = join_paths(dst_dir, cert.filename) |
There was a problem hiding this comment.
What if the file already exists ? While it will most likely write over it, it might be a good idea to log that we are overwriting an existing file.
There was a problem hiding this comment.
Good catch, we even have this upstream, I must have somehow missed the patch:
649c6bb
| if os.path.exists(dst): | ||
| log.warning("Certificate file %s already exists, replacing.", dst) | ||
|
|
||
| with open(dst, 'w') as f: |
There was a problem hiding this comment.
Same here - we might want to use 'wt' & log if we overwrite something.
There was a problem hiding this comment.
The logging is there.
Resolves: RHEL-61430
Don't require it on parsing level, don't own a default. Resolves: RHEL-61430
Resolves: RHEL-61430
Also dump for transfer durig switchroot so that the certificates can be potentially imported early after switchroot by a service. Resolves: RHEL-61430
Resolves: RHEL-61430
For example when --dir is pointing to read-only filesystem. Resolves: RHEL-61430
Resolves: RHEL-61430
rvykydal
force-pushed
the
edns-certs-stage2-w-initramfs-r9
branch
from
fdaae76 to
86e7913
Compare
|
/kickstart-test --testtype smoke |
|
/kickstart-test --kstest-pr 1358 certificate |
1 similar comment
|
/kickstart-test --kstest-pr 1358 certificate |
Port of #6045 to rhel9.
Port to rhel10 is used as it does not contain updates for module import ordering fixes.
The (minor) modifications of rhel10 port patch:
TODO