Import Upstream version 4.12.4

2025-08-12 22:28:56 +02:00
parent 03a8170b15
commit 9181ee2487
1629 changed files with 874094 additions and 554378 deletions
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -22,13 +22,12 @@ from __future__ import print_function, absolute_import
 import logging
 import sys
 import tempfile
-from optparse import SUPPRESS_HELP  # pylint: disable=deprecated-module

 from textwrap import dedent
 from ipalib import api
 from ipalib.constants import DOMAIN_LEVEL_1
 from ipaplatform.paths import paths
-from ipapython import admintool
+from ipapython import admintool, config
 from ipaserver.install import service
 from ipaserver.install import cainstance
 from ipaserver.install import custodiainstance
@@ -73,13 +72,26 @@ class KRAInstall(admintool.AdminTool):
        parser.add_option(
            "--uninstall",
            dest="uninstall", action="store_true", default=False,
-            help=SUPPRESS_HELP)
+            help=config.SUPPRESS_HELP)

        parser.add_option(
            "--pki-config-override", dest="pki_config_override",
            default=None,
            help="Path to ini file with config overrides.")

+        parser.add_option(
+            "--token-password", dest="token_password",
+            default=None,
+            sensitive=True,
+            help=(
+                "The password to the PKCS#11 token."))
+        parser.add_option(
+            "--token-password-file", dest="token_password_file",
+            default=None,
+            help=(
+                "The full path containing the PKCS#11 token "
+                "password."))
+
    def validate_options(self, needs_root=True):
        super(KRAInstall, self).validate_options(needs_root=True)

@@ -93,7 +105,7 @@ class KRAInstall(admintool.AdminTool):
        if options.uninstall:
            sys.exit(
                'ERROR: Standalone KRA uninstallation was removed in '
-                'FreeIPA 4.5 as it had never worked properly and only caused '
+                'IPA 4.5 as it had never worked properly and only caused '
                'issues.')
        else:
            return KRAInstaller
@@ -104,7 +116,7 @@ class KRAInstaller(KRAInstall):

    INSTALLER_START_MESSAGE = '''
        ===================================================================
-        This program will setup Dogtag KRA for the FreeIPA Server.
+        This program will setup Dogtag KRA for the IPA Server.

    '''

@@ -136,6 +148,17 @@ class KRAInstaller(KRAInstall):
                raise admintool.ScriptError(
                    "Directory Manager password required")

+        cai = cainstance.CAInstance()
+        if (
+            not self.options.unattended
+            and cai.hsm_enabled
+            and self.options.token_password is None
+            and self.options.token_password_file is None
+        ):
+            self.options.token_password = installutils.read_password(
+                f"HSM token '{cai.token_name}'", confirm=False,
+                validate=False, retry=False)
+
    def run(self):
        super(KRAInstaller, self).run()