From alee at redhat.com Thu Jan 2 14:51:46 2014
From: alee at redhat.com (Ade Lee)
Date: Thu, 02 Jan 2014 09:51:46 -0500
Subject: [Pki-devel] Are there any plans to port Dogtag 9 or 10 to EL6 based distros
In-Reply-To:
References:
Message-ID: <1388674306.2177.19.camel@localhost.localdomain>

The Dogtag 9 CA (pki-core and its dependent packages) are already in EL6, to provide a headless CA as a backend to IPA.

To create a fully functional CA with web UI, simply install pki-ca from the EL6 repos (it will pull in the required packages in pki-core) and install the dogtag 9 version of dogtag-pki-theme from F17. Then use pkicreate to create your instance. Note that the theme package must be installed prior to running pkicreate.

To get other subsystems, you will need to install the relevant packages from dogtag 9 (Fedora 17). This should work without any issues for all the java subsystems and the RA. The TPS may require a little more work.

Dogtag 10 (only the CA again for IPA) is slated to be released in RHEL 7. You can get a fully functional CA by installing the dogtag-pki-theme package from Fedora 20, and using pkispawn to create an instance.

Dogtag 10.x (10.2?) will be the basis for RHCS 9.x which is slated to be released sometime in the RHEL7 cycle - most likely 7.1. This will include all subsystems and all packages.

Ade

On Mon, 2013-12-30 at 15:32 -0500, Paul Robert Marino wrote:
> does anyone know if there are any plans to port Dogtag 9 or 10 to EL6
> based distributions or is the plan to go straight to EL7 when it's
> released?
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

From akoneru at redhat.com Thu Jan 2 14:52:07 2014
From: akoneru at redhat.com (Abhishek Koneru)
Date: Thu, 02 Jan 2014 09:52:07 -0500
Subject: [Pki-devel] [PATCH] 83 Authentication plugin for directory enrollment when anonymous access is off in the DS provided.
 #348/BZ 861467
In-Reply-To: <52B894E3.6080905@redhat.com>
References: <1387577393.7237.3.camel@akoneru.redhat.com> <1387817889.3292.0.camel@akoneru.redhat.com> <52B894E3.6080905@redhat.com>
Message-ID: <1388674327.5699.0.camel@akoneru.redhat.com>

Added the changes mentioned by Andrew, pushed to master.

--Abhishek

On Mon, 2013-12-23 at 11:54 -0800, Andrew Wnuk wrote:
> On 12/23/2013 08:58 AM, Abhishek Koneru wrote:
>
> > Sorry for the spam. Please review the attached patch which has the code
> > formatted properly.
> >
> > --Abhishek
>
> I would include the following changes to this patch to have the full
> feature:
>
> https://git.fedorahosted.org/cgit/pki.git/commit/?h=DOGTAG_9_BRANCH&id=750b5ffb4c678549dfebec3cf3075fd98ae532ed
>
> Andrew
>
> >
> > On Fri, 2013-12-20 at 17:09 -0500, Abhishek Koneru wrote:
> > > Please review the patch which provides a new plugin for allowing users
> > > to enroll directory authenticated certificates on a DS with anonymous
> > > access off.
> > >
> > > This is just porting awnuk's patch for BZ 861467.
> > > https://bugzilla.redhat.com/show_bug.cgi?id=861467. This patch is for
> > > upstream ticket 348.
> > >
> > > --Abhishek

From alee at redhat.com Fri Jan 3 21:09:00 2014
From: alee at redhat.com (Ade Lee)
Date: Fri, 03 Jan 2014 16:09:00 -0500
Subject: [Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA
Message-ID: <1388783340.2439.19.camel@aleeredhat.laptop>

These two patches have changes on the dogtag side to allow debian to start up a dogtag CA. Along with some debian specific patches which will be kept with the debian repo, we can now pkispawn and run a Dogtag 10 CA on debian!

Please review,
Ade

Patch 179:

Debian: add init script functionality

The additions in this patch will add start/stop/restart functionality to operations, so that Debian systems can perform these operations by calling these functions from an init script.

We also introduce a parameter in the configuration scripts that can be used to determine if the system is a debian system. This parameter is used to specify a system V init script instead of a systemd script on a debian system, when the configuration scriptlets start and stop a system.

Also source apparently does not work by default in debian. Used dot (.) instead.

Patch 178:

Debian - replace arch specification

uname -i returns "unknown" on a debian system. "arch" on the other hand works for fedora, rhel and debian. Replacing these for all packages except for the migration ones which will not be built on debian in any case.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0178-Debian-replace-arch-specification.patch
Type: text/x-patch
Size: 11060 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0179-Debian-add-init-script-functionality.patch
Type: text/x-patch
Size: 23574 bytes
Desc: not available
URL:

From mharmsen at redhat.com Sat Jan 4 03:21:58 2014
From: mharmsen at redhat.com (Matthew Harmsen)
Date: Fri, 03 Jan 2014 19:21:58 -0800
Subject: [Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA
In-Reply-To: <1388783340.2439.19.camel@aleeredhat.laptop>
References: <1388783340.2439.19.camel@aleeredhat.laptop>
Message-ID: <52C77E56.4060002@redhat.com>

On 01/03/14 13:09, Ade Lee wrote:
> These two patches have changes on the dogtag side to allow debian to
> start up a dogtag CA. Along with some debian specific patches which
> will be kept with the debian repo, we can now pkispawn and run a Dogtag
> 10 CA on debian!
>
> Please review,
> Ade
>
> Patch 179:
>
> Debian: add init script functionality
>
> The additions in this patch will add start/stop/restart
> functionality to operations, so that Debian systems can perform
> these operations by calling these functions from an init script.
>
> We also introduce a parameter in the configuration scripts that
> can be used to determine if the system is a debian system. This
> parameter is used to specify a system V init script instead of
> a systemd script on a debian system, when the configuration
> scriptlets start and stop a system.
>
> Also source apparently does not work by default in debian. Used
> dot (.) instead.
>
> Patch 178:
>
> Debian - replace arch specification
>
> uname -i returns "unknown" on a debian system. "arch" on the other
> hand works for fedora, rhel and debian. Replacing these for all
> packages except for the migration ones which will not be built on
> debian in any case.
>

(1) While I was unable to configure a Debian machine appropriate to check out these fixes, I did successfully install the patches and successfully build from source on a Fedora 20 x86_64 machine.

However, when I attempted to install a CA instance using 'pkispawn -s CA -f /tmp/pki/ca.cfg', I received the following error:

    ...
    pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf'
    pkispawn : INFO ....... executing 'systemctl start pki-tomcatd@pki-tomcat.service'
    Job for pki-tomcatd@pki-tomcat.service failed. See 'systemctl status pki-tomcatd@pki-tomcat.service' and 'journalctl -xn' for details.
    pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']' returned non-zero exit status 1!
    pkispawn : DEBUG ....... Error Type: CalledProcessError
    pkispawn : DEBUG ....... Error Message: Command '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']' returned non-zero exit status 1
    pkispawn : DEBUG ....... File "/sbin/pkispawn", line 463, in main
        rv = instance.spawn(deployer)
      File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 97, in spawn
        deployer.systemd.start()
      File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3088, in start
        subprocess.check_call(command)
      File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
        raise CalledProcessError(retcode, cmd)

    Installation failed.

    # systemctl status -l pki-tomcatd@pki-tomcat.service
    pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
       Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd@.service; enabled)
       Active: failed (Result: exit-code) since Fri 2014-01-03 18:59:42 PST; 6min ago
      Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=1/FAILURE)

    Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI Tomcat Server pki-tomcat...
    Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]: WARNING: Attempting to change symbolic link '/var/lib/pki/pki-tomcat/bin' to point to target '/usr/share/tomcat7/bin' INSTEAD of current target '/usr/share/tomcat/bin'!
    Jan 03 18:59:42 dogtag20.example.com systemd[1]: pki-tomcatd@pki-tomcat.service: control process exited, code=exited status=1
    Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
    Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit pki-tomcatd@pki-tomcat.service entered failed state.

    # journalctl -xn
    -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri 2014-01-03 19:08:02 PST
    Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting Session 21094 o
    -- Subject: Unit session-21094.scope has begun with start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-21094.scope has begun starting up.
    Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started Session 21094 of
    -- Subject: Unit session-21094.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-21094.scope has finished starting up.
    --
    -- The start-up result is done.
    Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD (/usr/bin/r
    Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]: [system
    Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activating via s
    Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activation via s
    Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]: [system
    Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting Session 21095 o
    -- Subject: Unit session-21095.scope has begun with start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-21095.scope has begun starting up.
    Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started Session 21095 of
    -- Subject: Unit session-21095.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-21095.scope has finished starting up.
    --
    -- The start-up result is done.
    Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD (/usr/bin/r

(2) One concern that I can see from reviewing the code appears that the 'stop' and 'restart' commands will still not work on Debian, as the entry point which comes from 'pkidaemon' will utilize the '*' option which will yield the following messages:

    unknown action (stop)
    Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type [instance-name]
    ...

    unknown action (restart)
    Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type [instance-name]
    ...

NOTE: These commands SHOULD yield this on Fedora systems, but NOT on Debian systems.

(3) Finally, the following white spaces were present in your patches when they were applied:

    # git am ../*.patch
    Applying: Debian - replace arch specification
    Applying: Debian: add init script functionality
    /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18: trailing whitespace.

    /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61: trailing whitespace.
        command = ["/etc/init.d/pki-tomcatd", "stop",
    /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76: trailing whitespace.
        command = ["/etc/init.d/pki-tomcatd", "restart",
    warning: 3 lines add whitespace errors.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From prmarino1 at gmail.com Mon Jan 6 13:41:21 2014
From: prmarino1 at gmail.com (Paul Robert Marino)
Date: Mon, 06 Jan 2014 08:41:21 -0500
Subject: [Pki-devel] Are there any plans to port Dogtag 9 or 10 to EL6 based distros
In-Reply-To: <1388674306.2177.19.camel@localhost.localdomain>
Message-ID: <52cab282.659cec0a.2f3b.1e74@mx.google.com>

An HTML attachment was scrubbed...
URL:

From alee at redhat.com Wed Jan 8 05:46:21 2014
From: alee at redhat.com (Ade Lee)
Date: Wed, 08 Jan 2014 00:46:21 -0500
Subject: [Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA
In-Reply-To: <52C77E56.4060002@redhat.com>
References: <1388783340.2439.19.camel@aleeredhat.laptop> <52C77E56.4060002@redhat.com>
Message-ID: <1389159981.22457.6.camel@aleeredhat.laptop>

New patch attached addressing the problems below. Also fixed "status" on debian to print out the config details when the process is running.

See more details below:

On Fri, 2014-01-03 at 19:21 -0800, Matthew Harmsen wrote:
> On 01/03/14 13:09, Ade Lee wrote:
>
> > These two patches have changes on the dogtag side to allow debian to
> > start up a dogtag CA. Along with some debian specific patches which
> > will be kept with the debian repo, we can now pkispawn and run a Dogtag
> > 10 CA on debian!
> >
> > Please review,
> > Ade
> >
> > Patch 179:
> >
> > Debian: add init script functionality
> >
> > The additions in this patch will add start/stop/restart
> > functionality to operations, so that Debian systems can perform
> > these operations by calling these functions from an init script.
> >
> > We also introduce a parameter in the configuration scripts that
> > can be used to determine if the system is a debian system. This
> > parameter is used to specify a system V init script instead of
> > a systemd script on a debian system, when the configuration
> > scriptlets start and stop a system.
> >
> > Also source apparently does not work by default in debian. Used
> > dot (.) instead.
> >
> > Patch 178:
> >
> > Debian - replace arch specification
> >
> > uname -i returns "unknown" on a debian system. "arch" on the other
> > hand works for fedora, rhel and debian. Replacing these for all
> > packages except for the migration ones which will not be built on
> > debian in any case.
> >
> (1) While I was unable to configure a Debian machine appropriate to
> check out these fixes, I did successfully install the patches and
> successfully build from source on a Fedora 20 x86_64 machine.
>
> However, when I attempted to install a CA instance using 'pkispawn -s
> CA -f /tmp/pki/ca.cfg', I received the following error:
>     ...
>     pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf'
>     pkispawn : INFO ....... executing 'systemctl start pki-tomcatd@pki-tomcat.service'
>     Job for pki-tomcatd@pki-tomcat.service failed. See 'systemctl status pki-tomcatd@pki-tomcat.service' and 'journalctl -xn' for details.
>     pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']' returned non-zero exit status 1!
>     pkispawn : DEBUG ....... Error Type: CalledProcessError
>     pkispawn : DEBUG ....... Error Message: Command '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']' returned non-zero exit status 1
>     pkispawn : DEBUG ....... File "/sbin/pkispawn", line 463, in main
>         rv = instance.spawn(deployer)
>       File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 97, in spawn
>         deployer.systemd.start()
>       File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3088, in start
>         subprocess.check_call(command)
>       File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
>         raise CalledProcessError(retcode, cmd)
>
>
>     Installation failed.
>
>
>     # systemctl status -l pki-tomcatd@pki-tomcat.service
>     pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
>        Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd@.service; enabled)
>        Active: failed (Result: exit-code) since Fri 2014-01-03 18:59:42 PST; 6min ago
>       Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=1/FAILURE)
>
>     Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI Tomcat Server pki-tomcat...
>     Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]: WARNING: Attempting to change symbolic link '/var/lib/pki/pki-tomcat/bin' to point to target '/usr/share/tomcat7/bin' INSTEAD of current target '/usr/share/tomcat/bin'!
>     Jan 03 18:59:42 dogtag20.example.com systemd[1]: pki-tomcatd@pki-tomcat.service: control process exited, code=exited status=1
>     Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
>     Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit pki-tomcatd@pki-tomcat.service entered failed state.
>
>
>     # journalctl -xn
>     -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri 2014-01-03 19:08:02 PST
>     Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting Session 21094 o
>     -- Subject: Unit session-21094.scope has begun with start-up
>     -- Defined-By: systemd
>     -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>     --
>     -- Unit session-21094.scope has begun starting up.
>     Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started Session 21094 of
>     -- Subject: Unit session-21094.scope has finished start-up
>     -- Defined-By: systemd
>     -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>     --
>     -- Unit session-21094.scope has finished starting up.
>     --
>     -- The start-up result is done.
>     Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD (/usr/bin/r
>     Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]: [system
>     Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activating via s
>     Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activation via s
>     Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]: [system
>     Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting Session 21095 o
>     -- Subject: Unit session-21095.scope has begun with start-up
>     -- Defined-By: systemd
>     -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>     --
>     -- Unit session-21095.scope has begun starting up.
>     Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started Session 21095 of
>     -- Subject: Unit session-21095.scope has finished start-up
>     -- Defined-By: systemd
>     -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>     --
>     -- Unit session-21095.scope has finished starting up.
>     --
>     -- The start-up result is done.
>     Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD (/usr/bin/r
>

Fixed this. The problem was partly that $debian was not defined as false by default, and partly because of using set -e, causing the script to exit unexpectedly. The set -e invocations have been removed.

> (2) One concern that I can see from reviewing the code appears that
> the 'stop' and 'restart' commands will still not work on Debian, as
> the entry point which comes from 'pkidaemon' will utilize the '*'
> option which will yield the following messages:
>     unknown action (stop)
>     Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type [instance-name]
>     ...
>
>     unknown action (restart)
>     Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type [instance-name]
>     ...
>
> NOTE: These commands SHOULD yield this on Fedora systems, but
> NOT on Debian systems.

Actually, this did work on debian because in the init script, I did not invoke pkidaemon. Rather, I sourced operations directly. The check that you are referring to is in pkidaemon - and having not been sourced is never encountered.

To be more consistent though, I have simply added the relevant logic to pkidaemon.

> (3) Finally, the following white spaces were present in your patches
> when they were applied:
>     # git am ../*.patch
>     Applying: Debian - replace arch specification
>     Applying: Debian: add init script functionality
>     /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18: trailing whitespace.
>
>     /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61: trailing whitespace.
>         command = ["/etc/init.d/pki-tomcatd", "stop",
>     /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76: trailing whitespace.
>         command = ["/etc/init.d/pki-tomcatd", "restart",
>     warning: 3 lines add whitespace errors.
>

Fixed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0179-1-Debian-add-init-script-functionality.patch
Type: text/x-patch
Size: 24964 bytes
Desc: not available
URL:

From mharmsen at redhat.com Wed Jan 8 22:26:50 2014
From: mharmsen at redhat.com (Matthew Harmsen)
Date: Wed, 08 Jan 2014 14:26:50 -0800
Subject: [Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA
In-Reply-To: <1389159981.22457.6.camel@aleeredhat.laptop>
References: <1388783340.2439.19.camel@aleeredhat.laptop> <52C77E56.4060002@redhat.com> <1389159981.22457.6.camel@aleeredhat.laptop>
Message-ID: <52CDD0AA.1040105@redhat.com>

ACK

On 01/07/14 21:46, Ade Lee wrote:
> New patch attached addressing the problems below. Also fixed "status"
> on debian to print out the config details when the process is running.
>
> See more details below:
>
> On Fri, 2014-01-03 at 19:21 -0800, Matthew Harmsen wrote:
>> On 01/03/14 13:09, Ade Lee wrote:
>>
>>> These two patches have changes on the dogtag side to allow debian to
>>> start up a dogtag CA. Along with some debian specific patches which
>>> will be kept with the debian repo, we can now pkispawn and run a Dogtag
>>> 10 CA on debian!
>>>
>>> Please review,
>>> Ade
>>>
>>> Patch 179:
>>>
>>> Debian: add init script functionality
>>>
>>> The additions in this patch will add start/stop/restart
>>> functionality to operations, so that Debian systems can perform
>>> these operations by calling these functions from an init script.
>>>
>>> We also introduce a parameter in the configuration scripts that
>>> can be used to determine if the system is a debian system. This
>>> parameter is used to specify a system V init script instead of
>>> a systemd script on a debian system, when the configuration
>>> scriptlets start and stop a system.
>>>
>>> Also source apparently does not work by default in debian. Used
>>> dot (.) instead.
>>>
>>> Patch 178:
>>>
>>> Debian - replace arch specification
>>>
>>> uname -i returns "unknown" on a debian system. "arch" on the other
>>> hand works for fedora, rhel and debian. Replacing these for all
>>> packages except for the migration ones which will not be built on
>>> debian in any case.
>>>
>> (1) While I was unable to configure a Debian machine appropriate to
>> check out these fixes, I did successfully install the patches and
>> successfully build from source on a Fedora 20 x86_64 machine.
>>
>> However, when I attempted to install a CA instance using 'pkispawn -s
>> CA -f /tmp/pki/ca.cfg', I received the following error:
>>     ...
>>     pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf'
>>     pkispawn : INFO ....... executing 'systemctl start pki-tomcatd@pki-tomcat.service'
>>     Job for pki-tomcatd@pki-tomcat.service failed. See 'systemctl status pki-tomcatd@pki-tomcat.service' and 'journalctl -xn' for details.
>>     pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']' returned non-zero exit status 1!
>>     pkispawn : DEBUG ....... Error Type: CalledProcessError
>>     pkispawn : DEBUG ....... Error Message: Command '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']' returned non-zero exit status 1
>>     pkispawn : DEBUG ....... File "/sbin/pkispawn", line 463, in main
>>         rv = instance.spawn(deployer)
>>       File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 97, in spawn
>>         deployer.systemd.start()
>>       File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3088, in start
>>         subprocess.check_call(command)
>>       File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
>>         raise CalledProcessError(retcode, cmd)
>>
>>
>>     Installation failed.
>>
>>
>>     # systemctl status -l pki-tomcatd@pki-tomcat.service
>>     pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
>>        Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd@.service; enabled)
>>        Active: failed (Result: exit-code) since Fri 2014-01-03 18:59:42 PST; 6min ago
>>       Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=1/FAILURE)
>>
>>     Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI Tomcat Server pki-tomcat...
>>     Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]: WARNING: Attempting to change symbolic link '/var/lib/pki/pki-tomcat/bin' to point to target '/usr/share/tomcat7/bin' INSTEAD of current target '/usr/share/tomcat/bin'!
>>     Jan 03 18:59:42 dogtag20.example.com systemd[1]: pki-tomcatd@pki-tomcat.service: control process exited, code=exited status=1
>>     Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
>>     Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit pki-tomcatd@pki-tomcat.service entered failed state.
>>
>>
>>     # journalctl -xn
>>     -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri 2014-01-03 19:08:02 PST
>>     Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting Session 21094 o
>>     -- Subject: Unit session-21094.scope has begun with start-up
>>     -- Defined-By: systemd
>>     -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>     --
>>     -- Unit session-21094.scope has begun starting up.
>>     Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started Session 21094 of
>>     -- Subject: Unit session-21094.scope has finished start-up
>>     -- Defined-By: systemd
>>     -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>     --
>>     -- Unit session-21094.scope has finished starting up.
>>     --
>>     -- The start-up result is done.
>>     Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD (/usr/bin/r
>>     Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]: [system
>>     Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activating via s
>>     Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activation via s
>>     Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]: [system
>>     Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting Session 21095 o
>>     -- Subject: Unit session-21095.scope has begun with start-up
>>     -- Defined-By: systemd
>>     -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>     --
>>     -- Unit session-21095.scope has begun starting up.
>>     Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started Session 21095 of
>>     -- Subject: Unit session-21095.scope has finished start-up
>>     -- Defined-By: systemd
>>     -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>     --
>>     -- Unit session-21095.scope has finished starting up.
>>     --
>>     -- The start-up result is done.
>>     Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD (/usr/bin/r
>>
> Fixed this. The problem was partly that $debian was not defined as
> false by default, and partly because of using set -e, causing the script
> to exit unexpectedly. The set -e invocations have been removed.
>
>> (2) One concern that I can see from reviewing the code appears that
>> the 'stop' and 'restart' commands will still not work on Debian, as
>> the entry point which comes from 'pkidaemon' will utilize the '*'
>> option which will yield the following messages:
>>     unknown action (stop)
>>     Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type [instance-name]
>>     ...
>>
>>     unknown action (restart)
>>     Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type [instance-name]
>>     ...
>>
>> NOTE: These commands SHOULD yield this on Fedora systems, but
>> NOT on Debian systems.
> Actually, this did work on debian because in the init script, I did not > invoke pkidaemon. Rather, I sourced operations directly. The check > that you are referring to is in pkidaemon - and having not been sourced > is never encountered. > > To be more consistent though, I have simply added the relevant logic to > pkidaemon. > >> (3) Finally, the following white spaces were present in your patches >> when they were applied: >> # git am ../*.patch >> Applying: Debian - replace arch specification >> Applying: Debian: add init script functionality >> /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18: >> trailing whitespace. >> >> /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61: >> trailing whitespace. >> command = ["/etc/init.d/pki-tomcatd", "stop", >> /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76: >> trailing whitespace. >> command = ["/etc/init.d/pki-tomcatd", >> "restart", >> warning: 3 lines add whitespace errors. >> > Fixed. > From alee at redhat.com Wed Jan 8 22:35:53 2014 From: alee at redhat.com (Ade Lee) Date: Wed, 08 Jan 2014 17:35:53 -0500 Subject: [Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA In-Reply-To: <52CDD0AA.1040105@redhat.com> References: <1388783340.2439.19.camel@aleeredhat.laptop> <52C77E56.4060002@redhat.com> <1389159981.22457.6.camel@aleeredhat.laptop> <52CDD0AA.1040105@redhat.com> Message-ID: <1389220553.2066.5.camel@aleeredhat.laptop> Thanks. Pushed to master. Ade On Wed, 2014-01-08 at 14:26 -0800, Matthew Harmsen wrote: > ACK > > On 01/07/14 21:46, Ade Lee wrote: > > New patch attached addressing the problems below. Also fixed "status" > > on debian to print out the config details when the process is running. > > > > See more details below: > > > > On Fri, 2014-01-03 at 19:21 -0800, Matthew Harmsen wrote: > >> On 01/03/14 13:09, Ade Lee wrote: > >> > >>> These two patches have changes on the dogtag side to allow debian to > >>> start up a dogtag CA. 
Along with some debian specific patches which > >>> will be kept with the debian repo, we can now pkispawn and run a Dogtag > >>> 10 CA on debian! > >>> > >>> Please review, > >>> Ade > >>> > >>> Patch 179: > >>> > >>> Debian: add init script functionality > >>> > >>> The addtions in this patch will add start/stop/restart > >>> functionality to operations, so that Debian systems can perform > >>> these operations by calling these functions from an init script. > >>> > >>> We also introduce a parameter in the configuration scripts that > >>> can be used to determine if the system is a debian system. This > >>> parameter is used to specify a system V init script instead of > >>> a systemd script on a debian system, when the configuration > >>> scriptlets start and stop a system. > >>> > >>> Also source apparently does not work by default in debian. Used > >>> dot (.) instead. > >>> > >>> Patch 178: > >>> > >>> Debian - replace arch specification > >>> > >>> uname -i returns "unknown" on a debian system. "arch" on the other > >>> hand works for fedora, rhel and debian. Replacing these for all > >>> packages except for the migration ones which will not be built on > >>> debian in any case. > >>> > >>> > >>> > >>> _______________________________________________ > >>> Pki-devel mailing list > >>> Pki-devel at redhat.com > >>> https://www.redhat.com/mailman/listinfo/pki-devel > >> (1) While I was unable to configure a Debian machine appropriate to > >> check out these fixes, I did successfully install the patches and > >> successfully build from source on a Fedora 20 x86_64 machine. > >> > >> However, when I attempted to install a CA instance using 'pkispawn -s > >> CA -f /tmp/pki/ca.cfg', I received the following error: > >> ... > >> pkispawn : INFO ....... executing 'certutil -N > >> -d /root/.dogtag/pki-tomcat/ca/alias > >> -f /root/.dogtag/pki-tomcat/ca/password.conf' > >> pkispawn : INFO ....... 
> >> executing 'systemctl start
> >> pki-tomcatd@pki-tomcat.service'
> >> Job for pki-tomcatd@pki-tomcat.service failed. See 'systemctl
> >> status pki-tomcatd@pki-tomcat.service' and 'journalctl -xn'
> >> for details.
> >> pkispawn : ERROR ....... subprocess.CalledProcessError:
> >> Command '['systemctl', 'start',
> >> 'pki-tomcatd@pki-tomcat.service']' returned non-zero exit
> >> status 1!
> >> pkispawn : DEBUG ....... Error Type: CalledProcessError
> >> pkispawn : DEBUG ....... Error Message: Command
> >> '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']'
> >> returned non-zero exit status 1
> >> pkispawn : DEBUG ....... File "/sbin/pkispawn", line
> >> 463, in main
> >> rv = instance.spawn(deployer)
> >> File
> >> "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 97, in spawn
> >> deployer.systemd.start()
> >> File
> >> "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3088, in start
> >> subprocess.check_call(command)
> >> File "/usr/lib64/python2.7/subprocess.py", line 542, in
> >> check_call
> >> raise CalledProcessError(retcode, cmd)
> >>
> >>
> >> Installation failed.
> >>
> >>
> >> # systemctl status -l pki-tomcatd@pki-tomcat.service
> >> pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
> >> Loaded: loaded
> >> (/usr/lib/systemd/system/pki-tomcatd@.service; enabled)
> >> Active: failed (Result: exit-code) since Fri 2014-01-03
> >> 18:59:42 PST; 6min ago
> >> Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat
> >> %i (code=exited, status=1/FAILURE)
> >>
> >> Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI
> >> Tomcat Server pki-tomcat...
> >> Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]:
> >> WARNING: Attempting to change symbolic link
> >> '/var/lib/pki/pki-tomcat/bin' to point to target
> >> '/usr/share/tomcat7/bin' INSTEAD of current target
> >> '/usr/share/tomcat/bin'!
> >> Jan 03 18:59:42 dogtag20.example.com systemd[1]:
> >> pki-tomcatd@pki-tomcat.service: control process exited,
> >> code=exited status=1
> >> Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to
> >> start PKI Tomcat Server pki-tomcat.
> >> Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit
> >> pki-tomcatd@pki-tomcat.service entered failed state.
> >>
> >>
> >> # journalctl -xn
> >> -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri
> >> 2014-01-03 19:08:02 PST
> >> Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting
> >> Session 21094 o
> >> -- Subject: Unit session-21094.scope has begun with start-up
> >> -- Defined-By: systemd
> >> -- Support:
> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >> --
> >> -- Unit session-21094.scope has begun starting up.
> >> Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started
> >> Session 21094 of
> >> -- Subject: Unit session-21094.scope has finished start-up
> >> -- Defined-By: systemd
> >> -- Support:
> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >> --
> >> -- Unit session-21094.scope has finished starting up.
> >> --
> >> -- The start-up result is done.
> >> Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD
> >> (/usr/bin/r
> >> Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]:
> >> dbus[493]: [system
> >> Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system]
> >> Activating via s
> >> Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system]
> >> Activation via s
> >> Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]:
> >> dbus[493]: [system
> >> Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting
> >> Session 21095 o
> >> -- Subject: Unit session-21095.scope has begun with start-up
> >> -- Defined-By: systemd
> >> -- Support:
> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >> --
> >> -- Unit session-21095.scope has begun starting up.
> >> Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started
> >> Session 21095 of
> >> -- Subject: Unit session-21095.scope has finished start-up
> >> -- Defined-By: systemd
> >> -- Support:
> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >> --
> >> -- Unit session-21095.scope has finished starting up.
> >> --
> >> -- The start-up result is done.
> >> Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD
> >> (/usr/bin/r
> >>
> > Fixed this. The problem was partly that $debian was not defined as
> > false by default, and partly because of using set -e, causing the script
> > to exit unexpectedly. The set -e invocations have been removed.
> >
> >> (2) One concern that I can see from reviewing the code appears that
> >> the 'stop' and 'restart' commands will still not work on Debian, as
> >> the entry point which comes from 'pkidaemon' will utilize the '*'
> >> option which will yield the following messages:
> >> unknown action (stop)
> >> Usage: /usr/bin/pkidaemon {start|stop|restart|status}
> >> instance-type [instance-name]
> >> ...
> >>
> >> unknown action (restart)
> >> Usage: /usr/bin/pkidaemon {start|stop|restart|status}
> >> instance-type [instance-name]
> >> ...
> >>
> >> NOTE: These commands SHOULD yield this on Fedora systems, but
> >> NOT on Debian systems.
> > Actually, this did work on debian because in the init script, I did not
> > invoke pkidaemon. Rather, I sourced operations directly. The check
> > that you are referring to is in pkidaemon - and having not been sourced
> > is never encountered.
> >
> > To be more consistent though, I have simply added the relevant logic to
> > pkidaemon.
> >
> >> (3) Finally, the following white spaces were present in your patches
> >> when they were applied:
> >> # git am ../*.patch
> >> Applying: Debian - replace arch specification
> >> Applying: Debian: add init script functionality
> >> /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18:
> >> trailing whitespace.
> >>
> >> /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61:
> >> trailing whitespace.
> >> command = ["/etc/init.d/pki-tomcatd", "stop",
> >> /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76:
> >> trailing whitespace.
> >> command = ["/etc/init.d/pki-tomcatd",
> >> "restart",
> >> warning: 3 lines add whitespace errors.
> >>
> > Fixed.
> >
>

From alee at redhat.com Fri Jan 10 16:27:38 2014
From: alee at redhat.com (Ade Lee)
Date: Fri, 10 Jan 2014 11:27:38 -0500
Subject: [Pki-devel] [PATCH] patches for debian repo
Message-ID: <1389371258.9782.5.camel@aleeredhat.laptop>

This is just a posting to record these patches. These are patches that need to be applied to the debian packaging for dogtag in the debian repo that is currently being hosted at : git://git.debian.org/git/pkg-freeipa/pki.git

No need for pki developers to review these (unless of course you want to ;)

Ade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-init-script-and-removed-obsolete-init-scripts.patch
Type: text/x-patch
Size: 10785 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Patch-to-fix-paths-in-default-settings-file.patch
Type: text/x-patch
Size: 4539 bytes
Desc: not available
URL:

From alee at redhat.com Mon Jan 13 16:03:18 2014
From: alee at redhat.com (Ade Lee)
Date: Mon, 13 Jan 2014 11:03:18 -0500
Subject: [Pki-devel] PATCH 180 - some more debian changes
Message-ID: <1389628998.12218.2.camel@aleeredhat.laptop>

Need to change source to dot on some command line tools.
Please review.

Ade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0180-Debian-replace-source-with-dot.patch
Type: text/x-patch
Size: 4001 bytes
Desc: not available
URL:

From nkinder at redhat.com Mon Jan 13 16:59:00 2014
From: nkinder at redhat.com (Nathan Kinder)
Date: Mon, 13 Jan 2014 08:59:00 -0800
Subject: [Pki-devel] PATCH 180 - some more debian changes
In-Reply-To: <1389628998.12218.2.camel@aleeredhat.laptop>
References: <1389628998.12218.2.camel@aleeredhat.laptop>
Message-ID: <52D41B54.8050801@redhat.com>

On 01/13/2014 08:03 AM, Ade Lee wrote:
> Need to change source to dot on some command line tools.
> Please review.

ack

>
> Ade
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
>

From alee at redhat.com Mon Jan 13 17:47:31 2014
From: alee at redhat.com (Ade Lee)
Date: Mon, 13 Jan 2014 12:47:31 -0500
Subject: [Pki-devel] PATCH 180 - some more debian changes
In-Reply-To: <52D41B54.8050801@redhat.com>
References: <1389628998.12218.2.camel@aleeredhat.laptop> <52D41B54.8050801@redhat.com>
Message-ID: <1389635251.24188.0.camel@aleeredhat.laptop>

thanks. pushed to master.

On Mon, 2014-01-13 at 08:59 -0800, Nathan Kinder wrote:
> On 01/13/2014 08:03 AM, Ade Lee wrote:
> > Need to change source to dot on some command line tools.
> > Please review.
>
> ack
>
> >
> > Ade
> >
> >
> >
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
> >
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

From edewata at redhat.com Mon Jan 27 18:42:06 2014
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Mon, 27 Jan 2014 12:42:06 -0600
Subject: [Pki-devel] [PATCH] 379 Added RCUE files.
Message-ID: <52E6A87E.8080104@redhat.com>

New CSS, JavaScript, and font files have been added from RCUE to provide standardized look and feel.

Ticket #654

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0379-Added-RCUE-files.patch
Type: text/x-patch
Size: 502760 bytes
Desc: not available
URL:

From edewata at redhat.com Mon Jan 27 18:45:35 2014
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Mon, 27 Jan 2014 12:45:35 -0600
Subject: [Pki-devel] [PATCH] 380 Added TPS UI navigation.
Message-ID: <52E6A94F.4050305@redhat.com>

A new navigation bar has been added to the top of the page. When a navigation link is clicked, the target page will be loaded into the same page.

Ticket #654

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0380-Added-TPS-UI-navigation.patch
Type: text/x-patch
Size: 19042 bytes
Desc: not available
URL:

From jmagne at redhat.com Tue Jan 28 02:35:54 2014
From: jmagne at redhat.com (John Magne)
Date: Mon, 27 Jan 2014 21:35:54 -0500 (EST)
Subject: [Pki-devel] [PATCH] 375 Added dialog for adding TPS tokens.
In-Reply-To: <52B152A6.2080103@redhat.com>
References: <52B152A6.2080103@redhat.com>
Message-ID: <729740070.15629111.1390876554156.JavaMail.root@redhat.com>

ACK:

Looks like here we are just adding a field to the token, a new ID, and creating a dialog for adding a token using the backbone.js.

The changes look in line with what is there already. In order to better proceed with subsequent patches, I need to read up more on backbone and rcue to understand better how the models and views fit together with the UI.

Perhaps touch bases on IRC.

thanks,
jack

----- Original Message -----
From: "Endi Sukma Dewata"
To: "pki-devel"
Sent: Tuesday, December 17, 2013 11:45:42 PM
Subject: [Pki-devel] [PATCH] 375 Added dialog for adding TPS tokens.

A new dialog box has been added for adding TPS token.
A separate token ID attribute has been added to the REST service as required by Backbone.

Ticket #654

--
Endi S. Dewata

_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

From edewata at redhat.com Tue Jan 28 16:57:57 2014
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 28 Jan 2014 10:57:57 -0600
Subject: [Pki-devel] [PATCH] 375 Added dialog for adding TPS tokens.
In-Reply-To: <729740070.15629111.1390876554156.JavaMail.root@redhat.com>
References: <52B152A6.2080103@redhat.com> <729740070.15629111.1390876554156.JavaMail.root@redhat.com>
Message-ID: <52E7E195.50906@redhat.com>

On 1/27/2014 8:35 PM, John Magne wrote:
> ACK:

Thanks. Pushed to master.

--
Endi S. Dewata

From jmagne at redhat.com Wed Jan 29 01:47:28 2014
From: jmagne at redhat.com (John Magne)
Date: Tue, 28 Jan 2014 20:47:28 -0500 (EST)
Subject: [Pki-devel] [PATCH] 376 Fixed TPS resource statuses.
In-Reply-To: <52B152AE.3020109@redhat.com>
References: <52B152AE.3020109@redhat.com>
Message-ID: <488905149.17065434.1390960048884.JavaMail.root@redhat.com>

ACK:

A few simple questions.

1. I notice we have resources for CS.cfg Connections. Does this clash with the so-called "Connectors" we already have in the Java subsystems? Or are they designed as a replacement? I'm speaking of the Connectors that allow us to talk from subsystem to subsystem.

2. I notice we have separate classes for the various types of CSCfgRecords, being ConnectionRecord, or ProfileRecord, etc. The entirety of those classes seem to be taken care of by the base class, CSCfgRecord. Further down the line we have XXXDatabase classes that have methods to add these records, such as CreateConnectionRecord, or CreateProfileRecord. The methods appear to be pretty similar to each other. Would it have been possible to put much of this down into the base class?

----- Original Message -----
From: "Endi Sukma Dewata"
To: "pki-devel"
Sent: Tuesday, December 17, 2013 11:45:50 PM
Subject: [Pki-devel] [PATCH] 376 Fixed TPS resource statuses.

TPS resources that are stored in CS.cfg have been refactored to update their statuses properly. These resources include profiles, profile mappings, connections, and authenticators.

Ticket #654

--
Endi S. Dewata

_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

From mharmsen at redhat.com Thu Jan 30 04:03:37 2014
From: mharmsen at redhat.com (Matthew Harmsen)
Date: Wed, 29 Jan 2014 20:03:37 -0800
Subject: [Pki-devel] [PATCH] TRAC Ticket #840 - pkispawn requires policycoreutils-python [20140129]
Message-ID: <52E9CF19.9040500@redhat.com>

Simple dependency patch for:

* Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
* TRAC Ticket #840 - pkispawn requires policycoreutils-python

If approved, the Dogtag 10.1 version of the patch would be checked in to the DOGTAG_10_1_BRANCH, and a new pki-core-10.1.0-2 would be spun for Fedora 20 only; the Dogtag 10.2 version of the patch would be checked in to master (but no build would be spun at this time).
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20140129-pkispawn-requires-policycoreutils-python-10_1.patch
Type: text/x-patch
Size: 1611 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20140129-pkispawn-requires-policycoreutils-python-10_2.patch
Type: text/x-patch
Size: 1663 bytes
Desc: not available
URL:

From jmagne at redhat.com Thu Jan 30 04:04:53 2014
From: jmagne at redhat.com (John Magne)
Date: Wed, 29 Jan 2014 23:04:53 -0500 (EST)
Subject: [Pki-devel] [PATCH] 377 Fixed edit dialog to enable/disable TPS resources.
In-Reply-To: <52B152B9.7070609@redhat.com>
References: <52B152B9.7070609@redhat.com>
Message-ID: <228225453.18760516.1391054693983.JavaMail.root@redhat.com>

ACK:

Spent some time coming up to speed with backbone.js models and views.

Changes in patch in line with what is there already, needed to enable/disable the entities.

----- Original Message -----
From: "Endi Sukma Dewata"
To: "pki-devel"
Sent: Tuesday, December 17, 2013 11:46:01 PM
Subject: [Pki-devel] [PATCH] 377 Fixed edit dialog to enable/disable TPS resources.

The edit dialogs for authenticators, connections, and profiles, have been modified to show the available action (i.e. enable or disable) based on the resource status.

Ticket #654

--
Endi S. Dewata

_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

From alee at redhat.com Thu Jan 30 15:48:23 2014
From: alee at redhat.com (Ade Lee)
Date: Thu, 30 Jan 2014 10:48:23 -0500
Subject: [Pki-devel] [PATCH] 181-188 Adding Symmetric Key generation Service to DRM
Message-ID: <1391096903.14969.14.camel@aleeredhat.laptop>

Hi,

The attached patches add Symmetric Key generation service to the DRM and refactor the DRM REST interface. It's worthwhile to look at each patch individually, but there will be many cases where I changed my mind on how to represent something - for instance, Request -> KeyRequest -> ResourceMessage. So, the patches should be viewed as a whole.

Summary of changes:
1) Added new REST service to generate symmetric keys.
2) Refactor API to use POST /keyrequests for all request types and using a generic RequestMessage object.
3) Refactor PKIException to use RequestMessage object.
4) Rename some objects in Key and KeyRequest resources.

I tested all this using the DRMTest code. I needed to comment out a couple of tests because they were causing problems (including a core dump on the client side), and I need to investigate why that happened.
Those tests will be restored once I figure out what's going on.

I'd like to get several eyes on this, please.

Thanks,
Ade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0187-Added-more-client-code-for-DRM-tests.patch
Type: text/x-patch
Size: 19863 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0186-Rename-KeyDataInfos-and-KeyrequestInfos.patch
Type: text/x-patch
Size: 17920 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0185-Fix-some-errors-flagged-by-eclipse.patch
Type: text/x-patch
Size: 4766 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0184-Added-SymKeyGen-service.patch
Type: text/x-patch
Size: 23368 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0183-Remove-old-recovery-and-archival-methods.patch
Type: text/x-patch
Size: 4311 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0182-Add-new-POST-endpoint-for-creating-requests.patch
Type: text/x-patch
Size: 13912 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0181-Use-a-generic-request-object.patch
Type: text/x-patch
Size: 19527 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0188-Rename-KeyRequest-to-ResourceMessage.patch
Type: text/x-patch
Size: 50389 bytes
Desc: not available
URL:

From edewata at redhat.com Thu Jan 30 15:49:28 2014
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Thu, 30 Jan 2014 09:49:28 -0600
Subject: [Pki-devel] [PATCH] 376 Fixed TPS resource statuses.
In-Reply-To: <488905149.17065434.1390960048884.JavaMail.root@redhat.com>
References: <52B152AE.3020109@redhat.com> <488905149.17065434.1390960048884.JavaMail.root@redhat.com>
Message-ID: <52EA7488.1020506@redhat.com>

On 1/28/2014 7:47 PM, John Magne wrote:
> ACK:

Thanks. Pushed to master.

> A few simple questions.
>
> 1. I notice we have resources for CS.cfg Connections. Does this clash with the so-called "Connectors"
> we already have in the Java subsystems? Or are they designed as a replacement? I'm speaking of the
> Connectors that allow us to talk from subsystem to subsystem.

Do you mean the KRAConnector in CA and TPSConnector in TKS? It looks like they are designed for different purpose. They use specific parameters which don't match with the parameters used in TPS. The Connections in TPS are used to manage generic connection configurations in TPS. It doesn't actually establish a connection yet.

> 2. I notice we have separate classes for the various types of CSCfgRecords, being ConnectionRecord, or ProfileRecord, etc.
> The entirety of those classes seem to be taken care of by the base class, CSCfgRecord.

Yes. They are originally unrelated classes but now they inherit from the same base class.

> Further down the line we have XXXDatabase classes that have methods to add these records, such as CreateConnectionRecord, or CreateProfileRecord.
> The methods appear to be pretty similar to each other. Would it have been possible to put much of this down into the base class?

These classes have been simplified quite a bit. I don't want to simplify too much in case there are resource-specific logic that has to be added while I'm still looking at the original TPS code, but we can certainly clean it up later.

--
Endi S. Dewata

From edewata at redhat.com Thu Jan 30 15:49:38 2014
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Thu, 30 Jan 2014 09:49:38 -0600
Subject: [Pki-devel] [PATCH] 377 Fixed edit dialog to enable/disable TPS resources.
In-Reply-To: <228225453.18760516.1391054693983.JavaMail.root@redhat.com>
References: <52B152B9.7070609@redhat.com> <228225453.18760516.1391054693983.JavaMail.root@redhat.com>
Message-ID: <52EA7492.8030803@redhat.com>

On 1/29/2014 10:04 PM, John Magne wrote:
> ACK:
>
> Spent some time coming up to speed with backbone.js models and views.
>
> Changes in patch in line with what is there already, needed to
> enable/disable the entities.

Thanks. Pushed to master.

--
Endi S. Dewata

From edewata at redhat.com Thu Jan 30 19:02:28 2014
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Thu, 30 Jan 2014 13:02:28 -0600
Subject: [Pki-devel] [PATCH] 181-188 Adding Symmetric Key generation Service to DRM
In-Reply-To: <1391096903.14969.14.camel@aleeredhat.laptop>
References: <1391096903.14969.14.camel@aleeredhat.laptop>
Message-ID: <52EAA1C4.8090202@redhat.com>

On 1/30/2014 9:48 AM, Ade Lee wrote:
> Hi,
>
> The attached patches add Symmetric Key generation service to the DRM and
> refactor the DRM REST interface. It's worthwhile to look at each patch
> individually, but there will be many cases where I changed my mind on
> how to represent something - for instance, Request -> KeyRequest ->
> ResourceMessage. So, the patches should be viewed as a whole.
>
> Summary of changes:
> 1) Added new REST service to generate symmetric keys.
> 2) Refactor API to use POST /keyrequests for all request types and using
> a generic RequestMessage object.
> 3) Refactor PKIException to use RequestMessage object.
> 4) Rename some objects in Key and KeyRequest resources.
>
> I tested all this using the DRMTest code. I needed to comment out a
> couple of tests because they were causing problems (including a core
> dump on the client side), and I need to investigate why that happened.
> Those tests will be restored once I figure out what's going on.
>
> I'd like to get several eyes on this, please.
>
> Thanks,
> Ade

Some comments:

1. Minor issue.
Please put a space before the curly bracket:

    public static class Data extends ResourceMessage{

2. I'm not sure if the ResourceMessage should have a Link attribute. The PKIException doesn't need it. Probably many other request/resource objects won't need it either.

3. The PKIException previously has . Now that it uses should we start implementing API versioning?

4. This is actually an existing issue in the current code. The marshall/unmarshal code currently swallows the exception. We probably should have thrown the original exception, or if not possible we should wrap it with a RuntimeException.

5. This is also an existing issue. The KeyDataInfo name is probably redundant. If it's an Info that means it doesn't have the Data, so the name probably should be KeyInfo. Similarly, the KeyDataInfoCollection probably can be renamed to KeyInfoCollection. The XmlRootElement should match too, but this probably requires versioning.

    @XmlRootElement(name = "KeyDataInfos")
    public class KeyDataInfoCollection extends DataCollection {

6. The KEYGEN_ALGORITHMS is defined in SymKeyGenerationRequest but it's only used by the server only. Will the client need this too? Otherwise we should move it to the server. Maybe the client just needs the list of alg names instead of the actual objects?

7. The DRMTest is using constants in PKIService. While this works in dev env, a real client will not be able to use the server class. We should move the constants and maybe provide a method in the client library to strip the header & trailer. Or maybe strip them on the server.

    transportCert = transportCert.substring(PKIService.HEADER.length(),
        transportCert.indexOf(PKIService.TRAILER));

I may have some more comments later.

--
Endi S. Dewata

From akoneru at redhat.com Thu Jan 30 20:30:14 2014
From: akoneru at redhat.com (Abhishek Koneru)
Date: Thu, 30 Jan 2014 15:30:14 -0500
Subject: [Pki-devel] PTO Jan 31 - Feb 07.
 Will be in India
Message-ID: <1391113814.2535.10.camel@akoneru.redhat.com>

I will be on PTO tomorrow and for the rest of the week. I will work during the week after that. I will try to come online when it is possible during the next week.

Thanks,
Abhishek

From edewata at redhat.com Fri Jan 31 19:57:10 2014
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 31 Jan 2014 13:57:10 -0600
Subject: [Pki-devel] [PATCH] 381 Fixed template deployment.
Message-ID: <52EC0016.6070007@redhat.com>

The deployment scriptlet has been fixed to copy the templates to the subsystem web application. This functionality was incorrectly removed in a previous revision (5952a82975063c4ec27303091a44e586d1386933).

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0381-Fixed-template-deployment.patch
Type: text/x-patch
Size: 2046 bytes
Desc: not available
URL:

From edewata at redhat.com Fri Jan 31 20:11:23 2014
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 31 Jan 2014 14:11:23 -0600
Subject: [Pki-devel] [PATCH] 382 Replaced Jettison with Jackson.
Message-ID: <52EC036B.8090507@redhat.com>

The Jettison library has been replaced with Jackson library as JSON provider for RESTEasy. All class paths and the deployment tools have been updated accordingly. The Python library and the TPS UI have been updated as well to use the new JSON format.

Ticket #817

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0382-Replaced-Jettison-with-Jackson.patch
Type: text/x-patch
Size: 57678 bytes
Desc: not available
URL:
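
The shell portability points raised in the patch 178/179/180 thread earlier in this archive (`uname -i` versus `arch`, `source` versus `.`, an undefined `$debian`, and `set -e`), shown as an added example that is not code from the Dogtag patches. All function names, the probed directory and the sourced file contents are constructed for illustration; only `$debian` and the commands themselves come from the thread.

```shell
#!/bin/sh
# Added illustration (constructed): not taken from the Dogtag scripts.

# Patch 178: `uname -i` is reported to print "unknown" on Debian.
# `arch` prints the same machine name as `uname -m`, so fall back to that
# when the `arch` binary is missing.
detect_arch() {
    if command -v arch >/dev/null 2>&1; then
        arch
    else
        uname -m
    fi
}

# Unsafe flag test: if $debian was never assigned, `$debian` expands to an
# empty command, whose exit status is 0, so the Debian branch is taken on
# every system.
start_method_unsafe() {
    if $debian; then echo sysv; else echo systemd; fi
}

# Safe flag test: default the flag to "false" and compare it as a string.
start_method_safe() {
    case "${debian:-false}" in
        true) echo sysv ;;
        *)    echo systemd ;;
    esac
}

# set -e: a probe that fails as a plain command terminates the script.
# Each probe runs in a child shell so the caller survives to report it.
probe_plain() {
    sh -c 'set -e; [ -d /nonexistent/pki-instance ]; echo reached' \
        || echo aborted
}

# The same probe inside an `if` condition is exempt from set -e.
probe_guarded() {
    sh -c 'set -e; if [ -d /nonexistent/pki-instance ]; then :; fi; echo reached' \
        || echo aborted
}

# Patches 179 and 180: `.` is the POSIX way to read a file into the current
# shell; `source` is a bash extension that dash (Debian's /bin/sh) lacks.
load_with_dot() {
    f=$(mktemp) || return 1
    printf 'PKI_INSTANCE_TYPE=tomcat\n' > "$f"   # constructed settings file
    . "$f"
    rm -f "$f"
    echo "$PKI_INSTANCE_TYPE"
}
```

With `debian` unset, `start_method_unsafe` reports `sysv` while `start_method_safe` reports `systemd`, and `probe_plain` reports `aborted` while `probe_guarded` reports `reached`.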