From edewata at redhat.com Thu Mar 8 17:43:41 2018
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Thu, 8 Mar 2018 12:43:41 -0500 (EST)
Subject: [Pki-devel] Removing tests/dogtag/dev_java_tests/bin folder
In-Reply-To: <1606281858.10695830.1520530340873.JavaMail.zimbra@redhat.com>
Message-ID: <23796055.10700468.1520531021148.JavaMail.zimbra@redhat.com>

Hi,

If you pull the latest master branch you might see these folders
appearing in your local Git repository:

tests/dogtag/dev_java_tests/bin/
base/common/python/build/
base/common/python/dist/
base/common/python/dogtag_pki.egg-info/

It is caused by .gitignore changes here:
https://github.com/dogtagpki/pki/commit/099c123dbfedf0cc9133a4209f54622a2f1a2cb1

You can simply remove them, or move them somewhere else if you still
need them. We're trying to reduce build artifacts in the source tree.

Thanks.

--
Endi S. Dewata

From ftweedal at redhat.com Fri Mar 9 09:02:23 2018
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Fri, 9 Mar 2018 19:02:23 +1000
Subject: [Pki-devel] CMS.debug(Throwable e); stack trace suppressed?
Message-ID: <20180309090223.GQ3703@T470s>

Hi,

It seems that with the change in logging backend, calls to
CMS.debug(Throwable e) no longer print the stack trace. The name of
the exception is printed but the error message has been suppressed.

I couldn't work out why this is happening but in my working tree I'm
carrying the below change to get the stack traces back. Not sure if
it's a "proper" way to fix it but it's doing the trick.

Cheers,
Fraser

diff --git a/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java b/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java index 21e964c1a..135ca75bc 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java +++ b/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java
@@ -20,6 +20,9 @@ package com.netscape.cmscore.util; import java.util.Hashtable; import java.util.StringTokenizer; +import java.io.StringWriter; +import java.io.PrintWriter; + import org.dogtagpki.util.logging.PKILogger; import com.netscape.certsrv.apps.CMS; @@ -167,7 +170,16 @@ public class Debug if (!TRACE_ON) return; - CMS.logger.warn(e.getMessage(), e); + /* + String msg = e.getMessage(); // may be null + if (msg == null) + msg = e.toString(); + CMS.logger.warn(msg, e); + */ + StringWriter sw = new StringWriter(); + PrintWriter pw = new PrintWriter(sw); + e.printStackTrace(pw); + CMS.logger.warn(sw.toString()); } /**

From ftweedal at redhat.com Fri Mar 9 09:04:46 2018
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Fri, 9 Mar 2018 19:04:46 +1000
Subject: [Pki-devel] CMS.debug(Throwable e); stack trace suppressed?
In-Reply-To: <20180309090223.GQ3703@T470s>
References: <20180309090223.GQ3703@T470s>
Message-ID: <20180309090446.GR3703@T470s>

On Fri, Mar 09, 2018 at 07:02:23PM +1000, Fraser Tweedale wrote:
> Hi,
>
> It seems that with the change in logging backend, calls to
> CMS.debug(Throwable e) no longer print the stack trace. The name of
> the exception is printed but the error message has been suppressed.
>
> I couldn't work out why this is happening but in my working tree I'm
> carrying the below change to get the stack traces back. Not sure if
> it's a "proper" way to fix it but it's doing the trick.
>
Another thing I just remembered to mention: when the day rolls over
the debug log starts going to stdout/journal(?), instead of a file
with the new date. I have to restart the server to get it logging
to the expected file after the day changes.

Cheers,
Fraser

From edewata at redhat.com Sat Mar 10 00:05:34 2018
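Review bot: the second hunk of the Debug.java patch above (@@ -167,7 +170,16 @@) leaves the null-safe alternative inside a /* ... */ block, so what would land is the StringWriter workaround plus dead code. Drop the commented-out block, or use it in place of the workaround: CMS.logger.warn(sw.toString()) hands the logger a pre-rendered string and no longer passes the Throwable, while the commented variant (fall back to e.toString() when e.getMessage() is null, then CMS.logger.warn(msg, e)) keeps the Throwable and also covers the null message case flagged by the "// may be null" comment. If the workaround stays, add a one-line comment saying why the stack trace is rendered by hand, and note that the two java.io imports from the first hunk are only needed for it.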
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 9 Mar 2018 19:05:34 -0500 (EST)
Subject: [Pki-devel] HTTP NIO Connector
In-Reply-To: <853565686.11261950.1520638655329.JavaMail.zimbra@redhat.com>
Message-ID: <1325996378.11263605.1520640334351.JavaMail.zimbra@redhat.com>

Hi,

We have just implemented the switch to HTTP NIO connector in the
master branch:
https://github.com/dogtagpki/pki/commit/3be16204bed2bf075fbe894135ca7d59cd7b408d

See this page for explanation:
http://www.dogtagpki.org/wiki/PKI_10.6_HTTP_NIO_Connector_Support

If you have an existing PKI 10.6 (not 10.5) instance with HSM or
Nuxwdog, follow this procedure when you pull the latest code from
master branch:
http://www.dogtagpki.org/wiki/Upgrading_PKI_10.5_to_PKI_10.6

Note: PKI 10.6 is still under development, it's not recommended to
upgrade from PKI 10.5 at this point.

Thanks.

--
Endi S. Dewata

From edewata at redhat.com Sat Mar 10 04:00:50 2018
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 9 Mar 2018 23:00:50 -0500 (EST)
Subject: [Pki-devel] CMS.debug(Throwable e); stack trace suppressed?
In-Reply-To: <20180309090223.GQ3703@T470s>
References: <20180309090223.GQ3703@T470s>
Message-ID: <141562699.11297667.1520654450369.JavaMail.zimbra@redhat.com>

Hi Fraser,

Yeah, there's a bug in the message formatter. Could you take a look
at this patch?
https://review.gerrithub.io/#/c/403387/

Here's some documentation (still work in progress):
http://pki.fedoraproject.org/wiki/PKI_10.6_Logging_Improvements

Thanks!

--
Endi S. Dewata

----- Original Message -----
> Hi,
>
> It seems that with the change in logging backend, calls to
> CMS.debug(Throwable e) no longer print the stack trace. The name of
> the exception is printed but the error message has been suppressed.
>
> I couldn't work out why this is happening but in my working tree I'm
> carrying the below change to get the stack traces back. Not sure if
> it's a "proper" way to fix it but it's doing the trick.
>
> Cheers,
> Fraser
>
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java > b/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java > index 21e964c1a..135ca75bc 100644 > --- a/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java > +++ b/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java > @@ -20,6 +20,9 @@ package com.netscape.cmscore.util; > import java.util.Hashtable; > import java.util.StringTokenizer; > > +import java.io.StringWriter; > +import java.io.PrintWriter; > + > import org.dogtagpki.util.logging.PKILogger; > > import com.netscape.certsrv.apps.CMS; > @@ -167,7 +170,16 @@ public class Debug > if (!TRACE_ON) > return; > > - CMS.logger.warn(e.getMessage(), e); > + /* > + String msg = e.getMessage(); // may be null > + if (msg == null) > + msg = e.toString(); > + CMS.logger.warn(msg, e); > + */ > + StringWriter sw = new StringWriter(); > + PrintWriter pw = new PrintWriter(sw); > + e.printStackTrace(pw); > + CMS.logger.warn(sw.toString()); > } > > /**
>

From edewata at redhat.com Sat Mar 10 04:06:16 2018
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Fri, 9 Mar 2018 23:06:16 -0500 (EST)
Subject: [Pki-devel] CMS.debug(Throwable e); stack trace suppressed?
In-Reply-To: <20180309090446.GR3703@T470s>
References: <20180309090223.GQ3703@T470s> <20180309090446.GR3703@T470s>
Message-ID: <1191017005.11298992.1520654776055.JavaMail.zimbra@redhat.com>

----- Original Message -----
> Another thing I just remembered to mention: when the day rolls over
> the debug log starts going to stdout/journal(?), instead of a file
> with the new date. I have to restart the server to get it logging
> to the expected file after the day changes.

Not quite sure about this. I'll need to take a closer look.

--
Endi S. Dewata

From ftweedal at redhat.com Mon Mar 12 02:28:22 2018
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Mon, 12 Mar 2018 12:28:22 +1000
Subject: [Pki-devel] CMS.debug(Throwable e); stack trace suppressed?
In-Reply-To: <141562699.11297667.1520654450369.JavaMail.zimbra@redhat.com>
References: <20180309090223.GQ3703@T470s> <141562699.11297667.1520654450369.JavaMail.zimbra@redhat.com>
Message-ID: <20180312022822.GT3703@T470s>

On Fri, Mar 09, 2018 at 11:00:50PM -0500, Endi Sukma Dewata wrote:
> Hi Fraser,
>
> Yeah, there's a bug in the message formatter. Could you take a
> look at this patch?
> https://review.gerrithub.io/#/c/403387/
>
> Here's some documentation (still work in progress):
> http://pki.fedoraproject.org/wiki/PKI_10.6_Logging_Improvements
>
> Thanks!
>
Patch works and reads fine, so I'll merge that now.

Thanks for the fix!

Cheers,
Fraser

> --
> Endi S. Dewata
>
> ----- Original Message -----
> > Hi,
> >
> > It seems that with the change in logging backend, calls to
> > CMS.debug(Throwable e) no longer print the stack trace. The name of
> > the exception is printed but the error message has been suppressed.
> >
> > I couldn't work out why this is happening but in my working tree I'm
> > carrying the below change to get the stack traces back. Not sure if
> > it's a "proper" way to fix it but it's doing the trick.
> >
> > Cheers,
> > Fraser
> >
> > diff --git a/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java > > b/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java > > index 21e964c1a..135ca75bc 100644 > > --- a/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java > > +++ b/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java > > @@ -20,6 +20,9 @@ package com.netscape.cmscore.util; > > import java.util.Hashtable; > > import java.util.StringTokenizer; > > > > +import java.io.StringWriter; > > +import java.io.PrintWriter; > > + > > import org.dogtagpki.util.logging.PKILogger; > > > > import com.netscape.certsrv.apps.CMS;
> > @@ -167,7 +170,16 @@ public class Debug > > if (!TRACE_ON) > > return; > > > > - CMS.logger.warn(e.getMessage(), e); > > + /* > > + String msg = e.getMessage(); // may be null > > + if (msg == null) > > + msg = e.toString(); > > + CMS.logger.warn(msg, e); > > + */ > > + StringWriter sw = new StringWriter(); > > + PrintWriter pw = new PrintWriter(sw); > > + e.printStackTrace(pw); > > + CMS.logger.warn(sw.toString()); > > } > > > > /**
> >

From edewata at redhat.com Thu Mar 15 02:44:32 2018
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 14 Mar 2018 22:44:32 -0400 (EDT)
Subject: [Pki-devel] Switching to Tomcat 8.5
In-Reply-To: <933097335.12615216.1521076959386.JavaMail.zimbra@redhat.com>
Message-ID: <2135149859.12621547.1521081872954.JavaMail.zimbra@redhat.com>

Hi,

In the master branch we've added a dependency on Tomcat 8.5 in
Fedora 27 or later. The version number has been changed to
PKI 10.6.0-0.2 because of that.

If you have PKI 10.6.0-0.1 packages, it will not work with Tomcat 8.5.
You will need to keep using PKI 10.6.0-0.1 with Tomcat 8.0, or upgrade
both to PKI 10.6.0-0.2 and Tomcat 8.5. Existing 10.6.0-0.1 instances
should continue to work after upgrade.

Tomcat 8.5 is available here:
https://copr.fedorainfracloud.org/coprs/g/pki/10.6/

PKI 10.6.0-0.2 should be available here:
https://copr.fedorainfracloud.org/coprs/g/pki/10.6-nightly/

If you are submitting a patch to Gerrit, make sure you rebase the
patch against the latest from master branch (10.6.0-0.2). The CI will
test the patch (including everything in your local branch) against
Tomcat 8.5, so if it is still based on 10.6.0-0.1 the CI will fail.

Thanks.

--
Endi S. Dewata

From edewata at redhat.com Mon Mar 19 15:46:49 2018
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Mon, 19 Mar 2018 11:46:49 -0400 (EDT)
Subject: [Pki-devel] PKI 10.6.0 Beta on Fedora
In-Reply-To: <1401669666.13664103.1521473443329.JavaMail.zimbra@redhat.com>
Message-ID: <675712816.13672181.1521474409822.JavaMail.zimbra@redhat.com>

Hi,

PKI 10.6.0 Beta is now available on Fedora 28 Beta via the following
update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2fd7295cb9

Fedora Rawhide builds are available in Koji.

Fedora 27 builds are available in PKI 10.6 COPR repository (for
development only):
https://copr.fedorainfracloud.org/coprs/g/pki/10.6/

Thanks.

--
Endi S. Dewata

From edewata at redhat.com Tue Mar 27 15:16:01 2018
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 27 Mar 2018 11:16:01 -0400 (EDT)
Subject: [Pki-devel] Dogtag PKI Website URL
In-Reply-To: <1236301624.16050356.1522161815530.JavaMail.zimbra@redhat.com>
Message-ID: <831564631.16059417.1522163761667.JavaMail.zimbra@redhat.com>

Hi,

The Dogtag PKI Website URL has changed as follows:

* Old URL: http://pki.fedoraproject.org
* New URL: http://www.dogtagpki.org

Please use the new URL whenever possible. The old URL should
automatically be redirected to the new URL, so all existing links
should continue to work.

Unfortunately, there was a glitch during the transition yesterday
causing it to be redirected to redhat.com. If you are experiencing
this, you may need to clear the browser cache/history. Please refer
to your browser's documentation since the steps are browser-specific.

Sorry for the inconvenience. Thanks!

--
Endi S. Dewata

From ftweedal at redhat.com Wed Mar 28 01:26:07 2018
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Wed, 28 Mar 2018 11:26:07 +1000
Subject: [Pki-devel] Dogtag PKI Website URL
In-Reply-To: <831564631.16059417.1522163761667.JavaMail.zimbra@redhat.com>
References: <1236301624.16050356.1522161815530.JavaMail.zimbra@redhat.com> <831564631.16059417.1522163761667.JavaMail.zimbra@redhat.com>
Message-ID: <20180328012607.GU3703@T470s>

On Tue, Mar 27, 2018 at 11:16:01AM -0400, Endi Sukma Dewata wrote:
> Hi,
>
> The Dogtag PKI Website URL has changed as follows:
>
> * Old URL: http://pki.fedoraproject.org
> * New URL: http://www.dogtagpki.org
>
> Please use the new URL whenever possible. The old URL should
> automatically be redirected to the new URL, so all existing links
> should continue to work.
>
> Unfortunately, there was a glitch during the transition yesterday
> causing it to be redirected to redhat.com. If you are experiencing
> this, you may need to clear the browser cache/history. Please refer
> to your browser's documentation since the steps are browser-specific.
>
> Sorry for the inconvenience. Thanks!
>
Thanks for the update, Endi.

Now that the domain change is done, what needs to be done to enable
TLS?

Thanks,
Fraser

From edewata at redhat.com Wed Mar 28 01:52:22 2018
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 27 Mar 2018 21:52:22 -0400 (EDT)
Subject: [Pki-devel] Dogtag PKI Website URL
In-Reply-To: <20180328012607.GU3703@T470s>
References: <1236301624.16050356.1522161815530.JavaMail.zimbra@redhat.com> <831564631.16059417.1522163761667.JavaMail.zimbra@redhat.com> <20180328012607.GU3703@T470s>
Message-ID: <1082971584.16162292.1522201942154.JavaMail.zimbra@redhat.com>

----- Original Message -----
> On Tue, Mar 27, 2018 at 11:16:01AM -0400, Endi Sukma Dewata wrote:
> > Hi,
> >
> > The Dogtag PKI Website URL has changed as follows:
> >
> > * Old URL: http://pki.fedoraproject.org
> > * New URL: http://www.dogtagpki.org
> >
> > Please use the new URL whenever possible. The old URL should
> > automatically be redirected to the new URL, so all existing links
> > should continue to work.
> >
> > Unfortunately, there was a glitch during the transition yesterday
> > causing it to be redirected to redhat.com. If you are experiencing
> > this, you may need to clear the browser cache/history. Please refer
> > to your browser's documentation since the steps are browser-specific.
> >
> > Sorry for the inconvenience. Thanks!
> >
> Thanks for the update, Endi.
>
> Now that the domain change is done, what needs to be done to enable
> TLS?
>
> Thanks,
> Fraser

I think Matt/Nathan is in the process of getting an SSL cert, unless
there's an easy way to use Let's Encrypt?

--
Endi S. Dewata

From ftweedal at redhat.com Wed Mar 28 03:04:36 2018
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Wed, 28 Mar 2018 13:04:36 +1000
Subject: [Pki-devel] Dogtag PKI Website URL
In-Reply-To: <1082971584.16162292.1522201942154.JavaMail.zimbra@redhat.com>
References: <1236301624.16050356.1522161815530.JavaMail.zimbra@redhat.com> <831564631.16059417.1522163761667.JavaMail.zimbra@redhat.com> <20180328012607.GU3703@T470s> <1082971584.16162292.1522201942154.JavaMail.zimbra@redhat.com>
Message-ID: <20180328030436.GV3703@T470s>

On Tue, Mar 27, 2018 at 09:52:22PM -0400, Endi Sukma Dewata wrote:
> ----- Original Message -----
> > On Tue, Mar 27, 2018 at 11:16:01AM -0400, Endi Sukma Dewata wrote:
> > > Hi,
> > >
> > > The Dogtag PKI Website URL has changed as follows:
> > >
> > > * Old URL: http://pki.fedoraproject.org
> > > * New URL: http://www.dogtagpki.org
> > >
> > > Please use the new URL whenever possible. The old URL should
> > > automatically be redirected to the new URL, so all existing links
> > > should continue to work.
> > >
> > > Unfortunately, there was a glitch during the transition yesterday
> > > causing it to be redirected to redhat.com. If you are experiencing
> > > this, you may need to clear the browser cache/history. Please refer
> > > to your browser's documentation since the steps are browser-specific.
> > >
> > > Sorry for the inconvenience. Thanks!
> > >
> > Thanks for the update, Endi.
> >
> > Now that the domain change is done, what needs to be done to enable
> > TLS?
> >
> > Thanks,
> > Fraser
>
> I think Matt/Nathan is in the process of getting an SSL cert, unless
> there's an easy way to use Let's Encrypt?
>
We should be able to use the ACME HTTP or DNS challenges to get a
certificate from Let's Encrypt. Not sure which would be easiest to
get going (and automate) on OpenShift. Here's a recently published
article on the official OpenShift blog about it:

https://blog.openshift.com/lets-encrypt-acme-v2-api/

It's a shame OpenShift Online hasn't got automatic OOTB TLS support
via ACME/LE yet. I gave them a heads-up years ago. We are behind
the competition.

Cheers,
Fraser

From edewata at redhat.com Wed Mar 28 03:30:25 2018
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 27 Mar 2018 23:30:25 -0400 (EDT)
Subject: [Pki-devel] Dogtag PKI Website URL
In-Reply-To: <20180328030436.GV3703@T470s>
References: <1236301624.16050356.1522161815530.JavaMail.zimbra@redhat.com> <831564631.16059417.1522163761667.JavaMail.zimbra@redhat.com> <20180328012607.GU3703@T470s> <1082971584.16162292.1522201942154.JavaMail.zimbra@redhat.com> <20180328030436.GV3703@T470s>
Message-ID: <1970010245.16173592.1522207825878.JavaMail.zimbra@redhat.com>

----- Original Message -----
> On Tue, Mar 27, 2018 at 09:52:22PM -0400, Endi Sukma Dewata wrote:
> > ----- Original Message -----
> > > On Tue, Mar 27, 2018 at 11:16:01AM -0400, Endi Sukma Dewata wrote:
> > > > Hi,
> > > >
> > > > The Dogtag PKI Website URL has changed as follows:
> > > >
> > > > * Old URL: http://pki.fedoraproject.org
> > > > * New URL: http://www.dogtagpki.org
> > > >
> > > > Please use the new URL whenever possible. The old URL should
> > > > automatically be redirected to the new URL, so all existing links
> > > > should continue to work.
> > > >
> > > > Unfortunately, there was a glitch during the transition yesterday
> > > > causing it to be redirected to redhat.com. If you are experiencing
> > > > this, you may need to clear the browser cache/history. Please refer
> > > > to your browser's documentation since the steps are browser-specific.
> > > >
> > > > Sorry for the inconvenience. Thanks!
> > > >
> > > Thanks for the update, Endi.
> > >
> > > Now that the domain change is done, what needs to be done to enable
> > > TLS?
> > >
> > > Thanks,
> > > Fraser
> >
> > I think Matt/Nathan is in the process of getting an SSL cert, unless
> > there's an easy way to use Let's Encrypt?
> >
>
> We should be able to use the ACME HTTP or DNS challenges to get a
> certificate from Let's Encrypt. Not sure which would be easiest to
> get going (and automate) on OpenShift. Here's a recently published
> article on the official OpenShift blog about it:
>
> https://blog.openshift.com/lets-encrypt-acme-v2-api/
>
> It's a shame OpenShift Online hasn't got automatic OOTB TLS support
> via ACME/LE yet. I gave them a heads-up years ago. We are behind
> the competition.
>
> Cheers,
> Fraser

Thanks for the info. There's also an older article about that:
https://blog.openshift.com/create-https-based-encrypted-urls-using-routes/
but I haven't been able to get it working. Maybe I'll be able to
revisit this in a few weeks. HTTP challenge should be easier since we
have access to the server.

--
Endi S. Dewata

From edewata at redhat.com Fri Mar 30 00:19:33 2018
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Thu, 29 Mar 2018 20:19:33 -0400 (EDT)
Subject: [Pki-devel] PKI 10.6.0 Beta 2
In-Reply-To: <1492765309.16849692.1522368528115.JavaMail.zimbra@redhat.com>
Message-ID: <1659267141.16850830.1522369173239.JavaMail.zimbra@redhat.com>

Hi,

PKI 10.6.0 Beta 2 is now available upstream:
https://github.com/dogtagpki/pki/releases/tag/v10.6.0-beta2

Fedora 28 builds are available via the following update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1270ede284

Fedora Rawhide builds are available in Koji.

Fedora 27 builds are available in this COPR repository:
https://copr.fedorainfracloud.org/coprs/g/pki/10.6/

Thanks.

--
Endi S. Dewata