Benjamin Lipton Articles




Thinking about templating, part 2: Handling missing data

Introduction Simple approach: data rules only Current solution: See if something renders Issues Alternative: Declare data dependencies Suppressing excess commas and newlines Conclusions Appendix Introduction This post is a followup to Thinking about templating for automatic CSR generation. In it we will look at a requirement of the templating system …

Thinking about templating for automatic CSR generation

Background Requirements Implementations Two-pass data interpolation Two-pass template interpolation Template-based hierarchical rules Formatter-based hierarchical rules Conclusions Background I am working on a project (ticket, design) to simplify creating certificates in FreeIPA. Currently administrators must generate a Certificate Signing Request (CSR) matching the type of certificate they wish to issue. They …

FreeIPA and the 'subdir-objects' option

The subject of this blog post will be FreeIPA Ticket #5873, a request to fix the warning messages produced when compiling FreeIPA: automake: warning: possible forward-incompatibility. automake: At least a source file is in a subdirectory, but the 'subdir-objects' automake: automake option hasn't been enabled. For now, the corresponding …

Manually requesting certs from Dogtag with certmonger debug tools

This post records the results some experimentation with the Dogtag API. Specifically, we will show how to authenticate against the API using credentials that are automatically generated by FreeIPA installation, how to use debug tools distributed with certmonger to issue certificates via the API, and a method of tweaking the …