<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<tt>Please review and provide an ACK for the attached patch.<br>
<br>
This patch attempts to continue implementation of the PKI
Deployment Framework based upon the revised filesystem layout
documented here:<br>
</tt>
<ul>
<li><tt><a class="moz-txt-link-freetext"
href="http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS">http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS</a></tt></li>
</ul>
<tt>The following patch adds/corrects functionality of the existing
PKI Deployment Framework including (but not limited to):<br>
</tt>
<ul>
<li><tt>Massaged logic to comply with PKI subsystems running
within<br>
a shared instance</tt></li>
<li><tt>Developed code to take advantage of a single shared NSS
security<br>
database model</tt></li>
<li><tt>Completed the following two 'scriptlets':</tt></li>
<ul>
<li><tt>Dogtag 10: Python 'slot_assignment.py' Installation
Scriptlet<br>
(<a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/146">https://fedorahosted.org/pki/ticket/146</a>)</tt></li>
<li><tt>Dogtag 10: Python 'security_databases.py' Installation
Scriptlet<br>
(<a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/136">https://fedorahosted.org/pki/ticket/136</a>)</tt></li>
</ul>
<li><tt>Created several additional PKI deployment helper
utilities.<br>
</tt></li>
</ul>
<tt>After being installed on a FRESH system, this code can be tested
by running the following command-line examples (as 'root' or
'sudo'):<br>
</tt>
<ul>
<li><tt>mkdir /tmp/pki</tt></li>
<li><tt>sudo pkispawn -s CA -p /tmp/pki -v --dry_run</tt></li>
<li><tt>sudo pkispawn -s CA -p /tmp/pki -v</tt></li>
<li><tt>sudo pkispawn -s CA -p /tmp/pki -u -v --dry_run</tt></li>
<li><tt>sudo pkispawn -s CA -p /tmp/pki -u -v<br>
</tt> </li>
<li><tt>sudo pkidestroy -s CA -p /tmp/pki -v --dry_run</tt></li>
<li><tt>sudo pkidestroy -s CA -p /tmp/pki -v<br>
</tt> </li>
</ul>
<tt>For the most part, this code ONLY affects the un-released
'pki-deploy' package, so check-in of these changes should not harm
the existing source in any way.<br>
<br>
The exceptions to this are changes to the following three
previously existing files:<br>
</tt>
<ul>
<li><tt>base/ca/shared/conf/CS.cfg.in</tt></li>
<li><tt>base/ra/apache/conf/httpd.conf</tt></li>
<li><tt>base/tps/apache/conf/httpd.conf</tt></li>
</ul>
<tt>and the addition of the following new qqfour files to account
for the eventual move to Tomcat 7:<br>
</tt>
<ul>
<li><tt>base/ca/shared/conf/tomcat.conf</tt></li>
<li><tt>base/kra/shared/conf/tomcat.conf</tt></li>
<li><tt>base/ocsp/shared/conf/tomcat.conf</tt></li>
<li><tt>base/tks/shared/conf/tomcat.conf</tt></li>
</ul>
<tt>Thanks in advance,<br>
-- Matt</tt><br>
</body>
</html>