security: do not issue warning on existing certificate file during dump

To be able to handle various use cases Anaconda is trying to import (currently just dump to given location) the certificate both in initramfs, after switch-root, and early after anaconda start. Therefore when dumping the certificate to specified file it is difficult to tell if it overwrites original file existing in the image, so issue just an info message instead of warning, which should concern only the specific case of overwriting non-imported file. Resolves: RHEL-77155
rhinstaller · Feb 6, 2025 · fa6127c · fa6127c
1 parent a6f0ea8
commit fa6127c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/dracut/parse-kickstart b/dracut/parse-kickstart
@@ -414,7 +414,7 @@ def _dump_certificate(cert, root="/", dump_dir=None):
     dst = os.path.join(dst_dir, cert.filename)
 
     if os.path.exists(dst):
-        log.warning("Certificate file %s already exists, replacing.", dst)
+        log.info("Certificate file %s already exists, replacing.", dst)
 
     with open(dst, 'w') as f:
         f.write(cert.cert)

diff --git a/pyanaconda/modules/security/certificates/installation.py b/pyanaconda/modules/security/certificates/installation.py
@@ -63,7 +63,7 @@ def _dump_certificate(self, cert, root):
         dst = join_paths(dst_dir, cert.filename)
 
         if os.path.exists(dst):
-            log.warning("Certificate file %s already exists, replacing.", dst)
+            log.info("Certificate file %s already exists, replacing.", dst)
 
         with open(dst, 'w') as f:
             f.write(cert.cert)