Project

Profile

Help

« Previous | Next » 

Revision 6728a935

Added by balonik about 2 years ago

Avoid client certificate basenames shared between repos

Some older versions of the Yum client (such as those shipped with RedHat/CentOS 7) are compiled against nss which in turn considers certificates with the same basename as same certificates[1,2,3,4]. Pulp using repo directories to namespace client certificates (e.g /etc/pki/pulp/client/repo/foo/client.crt) leads to Yum refusing to use multiple protected repos simultaneously.

This patch works around the situation by generating cert file basenames with the repository name as a prefix.

Fixes: #3256 https://pulp.plan.io/issues/3256

[1] http://yum-devel.baseurl.narkive.com/pTxDzeaR/patch-document-basename-checking-of-ssl-cert-files [2] https://github.com/jbraeuer/yum-s3/blob/master/SOURCES/BZ-695427-basename-cert-warn-check.patch#L51 [3] http://lists.baseurl.org/pipermail/yum-devel/2012-December/009818.html [4] https://bugzilla.redhat.com/show_bug.cgi?id=885159