[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pki-devel] patch for systemd changes



This is the latest patch addressing the issues mentioned in the code
review.

For this one, 
cd pki; patch -p1 < systemd.patch

On Fri, 2011-09-09 at 16:28 -0400, Ade Lee wrote:
> Adam, 
> 
> Try cd pki; patch -p0 < systemd.patch
> 
> Ade
> 
> On Fri, 2011-09-09 at 15:20 -0400, Adam Young wrote:
> > On 09/09/2011 01:38 PM, Ade Lee wrote: 
> > > This is to fix BZ  699809 - Convert certificate system to use systemd
> > > 
> > > https://bugzilla.redhat.com/show_bug.cgi?id=699809
> > > 
> > > This patch has most of what is fneeded
> > > 
> > > There is some extra stuff in the spec file for pki-core for symkey -- I needed
> > > this just to get a build going.  I will remove this on commit.  The fix for
> > > this issue will be provided by mharmsen in a separate bug.
> > > 
> > > Whats missing:
> > > 
> > > Some logic in spec files to upgrade existing instance.  Will add that in a
> > > separate patch.
> > > 
> > > Please review and ack.
> > > Thanks, 
> > > Ade
> > > 
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Pki-devel mailing list
> > > Pki-devel redhat com
> > > https://www.redhat.com/mailman/listinfo/pki-devel
> > Cannot get the patch to apply.  Once you update, can you post a new
> > patch, along with what you would do to apply it? I'd assume cd pki;
> > patch -p1 <  systemd.patch ,  but that didn't work for this last one.
> > 
> > 
> > 
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel redhat com
> > https://www.redhat.com/mailman/listinfo/pki-devel
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel redhat com
> https://www.redhat.com/mailman/listinfo/pki-devel
Index: pki/cmake/Modules/DefineInstallationPaths.cmake
===================================================================
--- pki/cmake/Modules/DefineInstallationPaths.cmake	(revision 2193)
+++ pki/cmake/Modules/DefineInstallationPaths.cmake	(working copy)
@@ -8,7 +8,6 @@
   SET(LIB_SUFFIX
     CACHE STRING "Define suffix of directory name (32/64)"
   )
-
   SET(EXEC_INSTALL_PREFIX
     "${CMAKE_INSTALL_PREFIX}"
     CACHE PATH  "Base directory for executables and libraries"
@@ -105,6 +104,14 @@
       ${EXEC_INSTALL_PREFIX}/var
       CACHE PATH "The /var install dir (default prefix/var)"
   )
+  SET(SYSTEMD_LIB_INSTALL_DIR
+    "/lib/systemd/system"
+    CACHE PATH  "Base directory for systemd target and service files"
+  )
+  SET(SYSTEMD_ETC_INSTALL_DIR
+    "/etc/systemd/system"
+    CACHE PATH  "Base directory for systemd custom target and service files"
+  )
 endif (UNIX)
 
 if (WIN32)
Index: pki/scripts/compose_pki_tks_packages
===================================================================
--- pki/scripts/compose_pki_tks_packages	(revision 2193)
+++ pki/scripts/compose_pki_tks_packages	(working copy)
@@ -31,7 +31,7 @@
 ##
 
 PKI_TKS="pki-tks"
-PKI_TKS_VERSION="9.0.4"
+PKI_TKS_VERSION="9.0.5"
 
 
 ##
Index: pki/scripts/compose_pki_ocsp_packages
===================================================================
--- pki/scripts/compose_pki_ocsp_packages	(revision 2193)
+++ pki/scripts/compose_pki_ocsp_packages	(working copy)
@@ -31,7 +31,7 @@
 ##
 
 PKI_OCSP="pki-ocsp"
-PKI_OCSP_VERSION="9.0.4"
+PKI_OCSP_VERSION="9.0.5"
 
 
 ##
Index: pki/scripts/compose_pki_kra_packages
===================================================================
--- pki/scripts/compose_pki_kra_packages	(revision 2193)
+++ pki/scripts/compose_pki_kra_packages	(working copy)
@@ -31,7 +31,7 @@
 ##
 
 PKI_KRA="pki-kra"
-PKI_KRA_VERSION="9.0.5"
+PKI_KRA_VERSION="9.0.6"
 
 
 ##
Index: pki/scripts/compose_pki_core_packages
===================================================================
--- pki/scripts/compose_pki_core_packages	(revision 2193)
+++ pki/scripts/compose_pki_core_packages	(working copy)
@@ -31,7 +31,7 @@
 ##
 
 PKI_CORE="pki-core"
-PKI_CORE_VERSION="9.0.12"
+PKI_CORE_VERSION="9.0.13"
 
 
 ##
Index: pki/base/ca/shared/conf/CS.cfg.in
===================================================================
--- pki/base/ca/shared/conf/CS.cfg.in	(revision 2193)
+++ pki/base/ca/shared/conf/CS.cfg.in	(working copy)
@@ -13,6 +13,7 @@
 pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
 pkicreate.user=[PKI_USER]
 pkicreate.arg11.group=[PKI_GROUP]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
 pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
 installDate=[INSTALL_TIME]
 preop.wizard.name=CA Setup Wizard
Index: pki/base/ca/shared/lib/systemd/system/pki-cad  service
===================================================================
--- pki/base/ca/shared/lib/systemd/system/pki-cad  service	(revision 0)
+++ pki/base/ca/shared/lib/systemd/system/pki-cad  service	(revision 0)
@@ -0,0 +1,13 @@
+[Unit]
+Description=PKI Certificate Authority Server %i
+After=pki-cad.target
+BindTo=pki-cad.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start ca %i
+ExecStop=/usr/bin/pkicontrol stop ca %i
+
+[Install]
+WantedBy=multi-user.target
+
Index: pki/base/ca/shared/lib/systemd/system/pki-cad.target
===================================================================
--- pki/base/ca/shared/lib/systemd/system/pki-cad.target	(revision 0)
+++ pki/base/ca/shared/lib/systemd/system/pki-cad.target	(revision 0)
@@ -0,0 +1,8 @@
+[Unit]
+Description=PKI Certificate Authority Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
+
+
Index: pki/base/ca/CMakeLists.txt
===================================================================
--- pki/base/ca/CMakeLists.txt	(revision 2193)
+++ pki/base/ca/CMakeLists.txt	(working copy)
@@ -4,18 +4,30 @@
 add_subdirectory(setup)
 add_subdirectory(shared/conf)
 
-# install init script
+# install systemd scripts
 install(
     FILES
-        shared/etc/init.d/pki-cad
+        shared/lib/systemd/system/pki-cad.target
+        shared/lib/systemd/system/pki-cad  service
     DESTINATION
-        ${SYSCONF_INSTALL_DIR}/rc.d/init.d
+        ${SYSTEMD_LIB_INSTALL_DIR}
     PERMISSIONS
         OWNER_EXECUTE OWNER_WRITE OWNER_READ
         GROUP_EXECUTE GROUP_READ
         WORLD_EXECUTE WORLD_READ
 )
 
+# install init script
+install(
+     FILES
+        shared/etc/init.d/pki-cad
+     DESTINATION
+        ${SYSCONF_INSTALL_DIR}/rc.d/init.d
+     PERMISSIONS
+         OWNER_EXECUTE OWNER_WRITE OWNER_READ
+         GROUP_EXECUTE GROUP_READ
+)
+
 # install directories
 install(
     DIRECTORY
@@ -28,6 +40,8 @@
         "etc/*" EXCLUDE
     PATTERN
         "conf/CS.cfg.in" EXCLUDE
+    PATTERN
+        "lib/*" EXCLUDE
 )
 
 # install empty directories
@@ -42,3 +56,9 @@
     DESTINATION
         ${VAR_INSTALL_DIR}/run/pki/ca
 )
+
+install(
+    DIRECTORY
+    DESTINATION 
+        ${SYSTEMD_ETC_INSTALL_DIR}/pki-cad.target.wants
+)
Index: pki/base/common/scripts/functions
===================================================================
--- pki/base/common/scripts/functions	(revision 2193)
+++ pki/base/common/scripts/functions	(working copy)
@@ -1,1046 +0,0 @@
-#!/bin/bash
-
-# From "http://fedoraproject.org/wiki/FCNewInit/Initscripts":
-# 
-# Status Exit Codes
-#
-#  0 program is running or service is OK
-#  1 program is dead and /var/run pid file exists
-#  2 program is dead and /var/lock lock file exists
-#  3 program is not running
-#  4 program or service status is unknown
-#  5-99 reserved for future LSB use
-#  100-149 reserved for distribution use
-#  150-199 reserved for application use
-#  200-254 reserved
-#
-# Non-Status Exit Codes
-#
-#  0 action was successful
-#  1 generic or unspecified error (current practice)
-#  2 invalid or excess argument(s)
-#  3 unimplemented feature (for example, "reload")
-#  4 user had insufficient privilege
-#  5 program is not installed
-#  6 program is not configured
-#  7 program is not running
-#  8-99    reserved for future LSB use
-#  100-149 reserved for distribution use
-#  150-199 reserved for application use
-#  200-254 reserved
-#
-
-# PKI subsystem-level directory and file values for locks
-lockfile="/var/lock/subsys/${SERVICE_NAME}"
-
-default_error=0
-
-case $command in
-    start|stop|restart|condrestart|force-restart|try-restart)
-        # 1 generic or unspecified error (current practice)
-        default_error=1
-        ;;
-    reload)
-        default_error=3
-        ;;
-    status)
-        # 4 program or service status is unknown
-        default_error=4
-        ;;
-    *)
-        # 2 invalid argument(s)
-        default_error=2
-        ;;
-esac
-
-# Enable nullglob, if set then shell pattern globs which do not match any
-# file returns the empty string rather than the unmodified glob pattern.
-shopt -s nullglob
-
-OS=`uname -s`
-ARCHITECTURE=`uname -i`
-
-# Check to insure that this script's original invocation directory
-# has not been deleted!
-CWD=`/bin/pwd > /dev/null 2>&1`
-if [ $? -ne 0 ] ; then
-    echo "Cannot invoke '$PROG_NAME' from non-existent directory!"
-    exit ${default_error}
-fi
-
-# Check to insure that this script's associated PKI
-# subsystem currently resides on this system.
-if [ ! -d ${PKI_PATH} ] ; then
-    echo "This machine is missing the '${PKI_TYPE}' subsystem!"
-    if [ "${command}" != "status" ]; then
-        # 5 program is not installed
-        exit 5
-    else
-        exit ${default_error}
-    fi
-fi
-
-# Check to insure that this script's associated PKI
-# subsystem instance registry currently resides on this system.
-if [ ! -d ${PKI_REGISTRY} ] ; then
-    echo "This machine contains no registered '${PKI_TYPE}' subsystem instances!"
-    if [ "${command}" != "status" ]; then
-        # 5 program is not installed
-        exit 5
-    else
-        exit ${default_error}
-    fi
-fi
-
-# This script must be run as root!
-RV=0
-if [ `id -u` -ne 0 ] ; then
-    echo "Must be 'root' to execute '$PROG_NAME'!"
-    if [ "${command}" != "status" ]; then
-    # 4 user had insufficient privilege
-    exit 4
-    else
-    # 4 program or service status is unknown
-    exit 4
-    fi
-fi
-
-PKI_REGISTRY_ENTRIES=""
-TOTAL_PKI_REGISTRY_ENTRIES=0
-TOTAL_UNCONFIGURED_PKI_ENTRIES=0
-
-# Gather ALL registered instances of this PKI subsystem type
-for FILE in ${PKI_REGISTRY}/*; do
-    if [ -f "$FILE" ] ; then
-        PKI_REGISTRY_ENTRIES="${PKI_REGISTRY_ENTRIES} $FILE"
-        TOTAL_PKI_REGISTRY_ENTRIES=`expr ${TOTAL_PKI_REGISTRY_ENTRIES} + 1`
-    fi
-done
-
-if [ -n "${pki_instance}" ]; then
-    for I in ${PKI_REGISTRY_ENTRIES}; do
-        if [ "${PKI_REGISTRY}/${pki_instance}" = "$I" ]; then
-            PKI_REGISTRY_ENTRIES="${PKI_REGISTRY}/${pki_instance}"
-            TOTAL_PKI_REGISTRY_ENTRIES=1
-            break
-        fi
-    done
-fi
-
-usage()
-{
-    echo -n "Usage: ${SERVICE_PROG} ${SERVICE_NAME}"
-    echo -n "{start"
-    echo -n "|stop"
-    echo -n "|restart"
-    echo -n "|condrestart"
-    echo -n "|force-restart"
-    echo -n "|try-restart"
-    echo -n "|reload"
-    echo -n "|status} "
-    echo -n "[instance-name]"
-    echo
-    echo
-}
-
-list_instances()
-{
-    echo
-    for PKI_REGISTRY_ENTRY in $PKI_REGISTRY_ENTRIES; do
-	instance_name=`basename $PKI_REGISTRY_ENTRY`
-        echo "    $instance_name"
-    done
-    echo
-}
-
-# Check arguments
-if [ $# -lt 1 ] ; then
-    # 3 unimplemented feature (for example, "reload")
-    #     [insufficient arguments]
-    echo "$PROG_NAME:  Insufficient arguments!"
-    echo
-    usage
-    echo "where valid instance names include:"
-    list_instances
-    exit 3
-elif [ ${default_error} -eq 2 ] ; then
-    # 2 invalid argument
-    echo "$PROG_NAME:  Invalid arguments!"
-    echo
-    usage
-    echo "where valid instance names include:"
-    list_instances
-    exit 2
-elif [ $# -gt 2 ] ; then
-    echo "$PROG_NAME:  Excess arguments!"
-    echo
-    usage
-    echo "where valid instance names include:"
-    list_instances
-    if [ "${command}" != "status" ]; then
-        # 2 excess arguments
-        exit 2
-    else
-        # 4 program or service status is unknown
-        exit 4
-    fi
-fi
-
-# If an "instance" was supplied, check that it is a "valid" instance
-if [ -n "${pki_instance}" ]; then
-    valid=0
-    for PKI_REGISTRY_ENTRY in $PKI_REGISTRY_ENTRIES; do
-	instance_name=`basename $PKI_REGISTRY_ENTRY`
-        if [ $pki_instance == $instance_name ]; then
-	    valid=1
-	    break
-	fi
-    done
-    if [ $valid -eq 0 ]; then
-        echo -n "${pki_instance} is an invalid '${PKI_TYPE}' instance"
-        echo_failure
-        echo
-        if [ "${command}" != "status" ]; then
-            # 5 program is not installed
-            exit 5
-        else
-            # 4 program or service status is unknown
-            exit 4
-        fi
-    fi
-fi
-
-check_pki_configuration_status()
-{
-    rv=0
-
-    rv=`grep -c ^preop ${pki_instance_configuration_file}`
-
-    rv=`expr ${rv} + 0`
-
-    if [ $rv -ne 0 ] ; then
-        echo "    '${PKI_INSTANCE_ID}' must still be CONFIGURED!"
-        echo "    (see /var/log/${PKI_INSTANCE_ID}-install.log)"
-        if [ "${command}" != "status" ]; then
-            # 6 program is not configured
-            rv=6
-        else
-            # 4 program or service status is unknown
-            rv=4
-        fi
-        TOTAL_UNCONFIGURED_PKI_ENTRIES=`expr ${TOTAL_UNCONFIGURED_PKI_ENTRIES} + 1`
-    elif [ -f ${RESTART_SERVER} ] ; then
-        echo -n "    Although '${PKI_INSTANCE_ID}' has been CONFIGURED, "
-        echo -n "it must still be RESTARTED!"
-        echo
-        if [ "${command}" != "status" ]; then
-            # 1 generic or unspecified error (current practice)
-            rv=1
-        else
-            # 4 program or service status is unknown
-            rv=4
-        fi
-    fi
-
-    return $rv
-}
-
-get_pki_status_definitions()
-{
-    case $PKI_SUBSYSTEM_TYPE in
-	ca|kra|ocsp|tks)
-	    get_pki_status_definitions_tomcat
-	    return $?
-	    ;;
-	ra)
-	    get_pki_status_definitions_ra
-	    return $?
-	    ;;
-	tps)
-	    get_pki_status_definitions_tps
-	    return $?
-	    ;;
-	*)
-	    echo "Unknown subsystem type ($PKI_SUBSYSTEM_TYPE)"
-	    exit ${default_error}
-	    ;;
-    esac
-}
-
-get_pki_status_definitions_ra()
-{
-    # establish well-known strings
-    total_ports=0
-    UNSECURE_PORT=""
-    CLIENTAUTH_PORT=""
-    NON_CLIENTAUTH_PORT=""
-
-    # check to see that an instance-specific "httpd.conf" file exists
-    if [ ! -f ${PKI_HTTPD_CONF} ] ; then
-	echo "File '${PKI_HTTPD_CONF}' does not exist!"
-	exit ${default_error}
-    fi
-
-    # check to see that an instance-specific "nss.conf" file exists
-    if [ ! -f ${PKI_NSS_CONF} ] ; then
-	echo "File '${PKI_NSS_CONF}' does not exist!"
-	exit ${default_error}
-    fi
-
-    # Iterate over Listen statements
-    for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do
-	UNSECURE_PORT=$port
-	if [ $total_ports -eq 0 ]; then
-	    echo "    Unsecure Port              = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}";
-        else
-            echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}";
-        fi
-	total_ports=`expr ${total_ports} + 1`
-
-    done
-
-    # Iterate over Listen statements
-    for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_NSS_CONF}`; do
-	UNSECURE_PORT=$port
-	if [ $total_ports -eq 1 ]; then
-	    CLIENTAUTH_PORT=$port
-	    echo "    Secure Clientauth Port     = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}";
-        fi
-	if [ $total_ports -eq 2 ]; then
-	    NON_CLIENTAUTH_PORT=$port
-	    echo "    Secure Non-Clientauth Port = https://${PKI_SERVER_NAME}:${NON_CLIENTAUTH_PORT}";
-        fi
-	total_ports=`expr ${total_ports} + 1`
-
-    done
-
-    if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then
-        return 0
-    else
-        return ${default_error}
-    fi
-}
-
-get_pki_status_definitions_tps()
-{
-    # establish well-known strings
-    total_ports=0
-    UNSECURE_PORT=""
-    CLIENTAUTH_PORT=""
-    NON_CLIENTAUTH_PORT=""
-
-    # check to see that an instance-specific "httpd.conf" file exists
-    if [ ! -f ${PKI_HTTPD_CONF} ] ; then
-	echo "File '${PKI_HTTPD_CONF}' does not exist!"
-	exit ${default_error}
-    fi
-
-    # check to see that an instance-specific "nss.conf" file exists
-    if [ ! -f ${PKI_NSS_CONF} ] ; then
-	echo "File '${PKI_NSS_CONF}' does not exist!"
-	exit ${default_error}
-    fi
-
-    # Iterate over Listen statements
-    for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do
-	UNSECURE_PORT=$port
-	if [ $total_ports -eq 0 ]; then
-	    echo "    Unsecure Port              = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}/cgi-bin/so/enroll.cgi";
-	    echo "                                 (ESC Security Officer Enrollment)"
-	    echo "    Unsecure Port              = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}/cgi-bin/home/index.cgi";
-	    echo "                                 (ESC Phone Home)"
-        else
-            echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}";
-        fi
-	total_ports=`expr ${total_ports} + 1`
-
-    done
-
-    # Iterate over Listen statements
-    for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_NSS_CONF}`; do
-	UNSECURE_PORT=$port
-	if [ $total_ports -eq 1 ]; then
-	    CLIENTAUTH_PORT=$port
-	    echo "    Secure Clientauth Port     = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi";
-	    echo "                                 (ESC Security Officer Workstation)"
-	    echo "    Secure Clientauth Port     = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}/tus";
-	    echo "                                 (TPS Roles - Operator/Administrator/Agent)"
-        fi
-	if [ $total_ports -eq 2 ]; then
-	    NON_CLIENTAUTH_PORT=$port
-	    echo "    Secure Non-Clientauth Port = https://${PKI_SERVER_NAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/so/enroll.cgi";
-	    echo "                                 (ESC Security Officer Enrollment)"
-	    echo "    Secure Non-Clientauth Port = https://${PKI_SERVER_NAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/home/index.cgi";
-	    echo "                                 (ESC Phone Home)"
-        fi
-	total_ports=`expr ${total_ports} + 1`
-
-    done
-
-    if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then
-        return 0
-    else
-        return ${default_error}
-    fi
-}
-
-get_pki_status_definitions_tomcat()
-{
-    # establish well-known strings
-    begin_pki_status_comment="<!-- DO NOT REMOVE - Begin PKI Status Definitions -->"
-    end_pki_status_comment="<!-- DO NOT REMOVE - End PKI Status Definitions -->"
-    total_ports=0
-    unsecure_port_statement="Unsecure Port"
-    secure_agent_port_statement="Secure Agent Port"
-    secure_ee_port_statement="Secure EE Port"
-    secure_ee_client_auth_port_statement="EE Client Auth Port"
-    secure_admin_port_statement="Secure Admin Port"
-    pki_console_port_statement="PKI Console Port"
-    tomcat_port_statement="Tomcat Port"
-
-    # initialize looping variables
-    pki_status_comment_found=0
-
-    # first check to see that an instance-specific "server.xml" file exists
-    if [ ! -f ${PKI_SERVER_XML_CONF} ] ; then
-        echo "File '${PKI_SERVER_XML_CONF}' does not exist!"
-        exit ${default_error}
-    fi
-
-    # read this instance-specific "server.xml" file line-by-line
-    # to obtain the current PKI Status Definitions
-    exec < ${PKI_SERVER_XML_CONF}
-    while read line; do
-        # first look for the well-known end PKI Status comment
-        # (to turn off processing)
-        if [ "$line" == "$end_pki_status_comment" ] ; then
-            pki_status_comment_found=0
-            break;
-        fi
-
-        # then look for the well-known begin PKI Status comment
-        # (to turn on processing)
-        if [ "$line" == "$begin_pki_status_comment" ] ; then
-            pki_status_comment_found=1
-        fi
-
-        # once the well-known begin PKI Status comment has been found,
-        # begin processing to obtain all of the PKI Status Definitions
-        if [ $pki_status_comment_found -eq 1 ] ; then
-            # look for a PKI Status Definition and print it
-            head=`echo "$line" | sed -e 's/^\([^=]*\)[ \t]*= .*$/\1/' -e 's/[ \t]*$//'`
-            if  [ "$head" == "$unsecure_port_statement"     ]          ||
-                [ "$head" == "$secure_agent_port_statement" ]          ||
-                [ "$head" == "$secure_ee_port_statement"    ]          ||
-                [ "$head" == "$secure_ee_client_auth_port_statement" ] ||
-                [ "$head" == "$secure_admin_port_statement" ]          ||
-                [ "$head" == "$pki_console_port_statement"  ]          ||
-                [ "$head" == "$tomcat_port_statement"       ] ; then
-                echo "    $line"
-                total_ports=`expr ${total_ports} + 1`
-            fi
-        fi
-    done
-
-    if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then
-        return 0
-    else
-        return ${default_error}
-    fi
-}
-
-get_pki_configuration_definitions()
-{
-    # Obtain the PKI Subsystem Type
-    line=`grep -e '^[ \t]*cs.type[ \t]*=' ${pki_instance_configuration_file}`
-    pki_subsystem=`echo "${line}" | sed -e 's/^[^=]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'`
-    if [ "${line}" != "" ] ; then
-        if  [ "${pki_subsystem}" != "CA"   ]  &&
-            [ "${pki_subsystem}" != "KRA"  ]  &&
-            [ "${pki_subsystem}" != "OCSP" ]  &&
-            [ "${pki_subsystem}" != "TKS"  ]  &&
-            [ "${pki_subsystem}" != "RA"   ]  &&
-            [ "${pki_subsystem}" != "TPS"  ]
-        then
-            return ${default_error}
-        fi
-        if    [ "${pki_subsystem}" == "KRA"   ] ; then
-            # Rename "KRA" to "DRM"
-            pki_subsystem="DRM"
-        fi
-    else
-        return ${default_error}
-    fi
-
-    # If "${pki_subsystem}" is a CA, DRM, OCSP, or TKS,
-    # check to see if "${pki_subsystem}" is a "Clone"
-    pki_clone=""
-    if  [ "${pki_subsystem}" == "CA"   ]  ||
-        [ "${pki_subsystem}" == "DRM"  ]  ||
-        [ "${pki_subsystem}" == "OCSP" ]  ||
-        [ "${pki_subsystem}" == "TKS"  ]
-    then
-        line=`grep -e '^[ \t]*subsystem.select[ \t]*=' ${pki_instance_configuration_file}`
-        if [ "${line}" != "" ] ; then
-            pki_clone=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'`
-            if [ "${pki_clone}" != "Clone" ] ; then
-                # Reset "${pki_clone}" to be empty
-                pki_clone=""
-            fi
-        else
-            return ${default_error}
-        fi
-    fi
-
-    # If "${pki_subsystem}" is a CA, and is NOT a "Clone", check to
-    # see "${pki_subsystem}" is a "Root" or a "Subordinate" CA
-    pki_hierarchy=""
-    if    [ "${pki_subsystem}" == "CA" ]  &&
-        [ "${pki_clone}" != "Clone"  ]
-    then
-        line=`grep -e '^[ \t]*hierarchy.select[ \t]*=' ${pki_instance_configuration_file}`
-        if [ "${line}" != "" ] ; then
-            pki_hierarchy=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'`
-        else
-            return ${default_error}
-        fi
-    fi
-
-    # If ${pki_subsystem} is a CA, check to
-    # see if it is also a Security Domain
-    pki_security_domain=""
-    if    [ "${pki_subsystem}" == "CA" ] ; then
-        line=`grep -e '^[ \t]*securitydomain.select[ \t]*=' ${pki_instance_configuration_file}`
-        if [ "${line}" != "" ] ; then
-            pki_security_domain=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'`
-            if [ "${pki_security_domain}" == "new" ] ; then
-                # Set a fixed value for "${pki_security_domain}"
-                pki_security_domain="(Security Domain)"
-            else
-                # Reset "${pki_security_domain}" to be empty
-                pki_security_domain=""
-            fi
-        else
-            return ${default_error}
-        fi
-    fi
-
-    # Always obtain this PKI instance's "registered"
-    # security domain information
-    pki_security_domain_name=""
-    pki_security_domain_hostname=""
-    pki_security_domain_https_admin_port=""
-
-    line=`grep -e '^[ \t]*securitydomain.name[ \t]*=' ${pki_instance_configuration_file}`
-    if [ "${line}" != "" ] ; then
-        pki_security_domain_name=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'`
-    else
-        return ${default_error}
-    fi
-
-    line=`grep -e '^[ \t]*securitydomain.host[ \t]*=' ${pki_instance_configuration_file}`
-    if [ "${line}" != "" ] ; then
-        pki_security_domain_hostname=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'`
-    else
-        return ${default_error}
-    fi
-
-    line=`grep -e '^[ \t]*securitydomain.httpsadminport[ \t]*=' ${pki_instance_configuration_file}`
-    if [ "${line}" != "" ] ; then
-        pki_security_domain_https_admin_port=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'`
-    else
-        return ${default_error}
-    fi
-
-    # Compose the "PKI Instance Name" Status Line
-    pki_instance_name="PKI Instance Name:   ${PKI_INSTANCE_ID}"
-
-    # Compose the "PKI Subsystem Type" Status Line
-    header="PKI Subsystem Type: "
-    if   [ "${pki_clone}" != "" ] ; then
-        if [ "${pki_security_domain}" != "" ]; then
-            # Possible Values:
-            #
-            #     "CA Clone (Security Domain)"
-            #
-            data="${pki_subsystem} ${pki_clone} ${pki_security_domain}"
-        else
-            # Possible Values:
-            #
-            #     "CA Clone"
-            #     "DRM Clone"
-            #     "OCSP Clone"
-            #     "TKS Clone"
-            #
-            data="${pki_subsystem} ${pki_clone}"
-        fi
-    elif [ "${pki_hierarchy}" != "" ] ; then
-        if [ "${pki_security_domain}" != "" ]; then
-            # Possible Values:
-            #
-            #     "Root CA (Security Domain)"
-            #     "Subordinate CA (Security Domain)"
-            #
-            data="${pki_hierarchy} ${pki_subsystem} ${pki_security_domain}"
-        else
-            # Possible Values:
-            #
-            #     "Root CA"
-            #     "Subordinate CA"
-            #
-            data="${pki_hierarchy} ${pki_subsystem}"
-        fi
-    else
-        # Possible Values:
-        #
-        #     "DRM"
-        #     "OCSP"
-        #     "RA"
-        #     "TKS"
-        #     "TPS"
-        #
-        data="${pki_subsystem}"
-    fi
-    pki_subsystem_type="${header} ${data}"
-
-    # Compose the "Registered PKI Security Domain Information" Status Line
-    header="Name: "
-    registered_pki_security_domain_name="${header} ${pki_security_domain_name}"
-
-    header="URL:  "
-    if    [ "${pki_security_domain_hostname}" != ""         ] &&
-        [ "${pki_security_domain_https_admin_port}" != "" ]
-    then
-        data="https://${pki_security_domain_hostname}:${pki_security_domain_https_admin_port}";
-    else
-        return ${default_error}
-    fi
-    registered_pki_security_domain_url="${header} ${data}"
-
-    # Print the "PKI Subsystem Type" Status Line
-    echo
-    echo "    ${pki_instance_name}"
-
-    # Print the "PKI Subsystem Type" Status Line
-    echo
-    echo "    ${pki_subsystem_type}"
-
-    # Print the "Registered PKI Security Domain Information" Status Line
-    echo
-    echo "    Registered PKI Security Domain Information:"
-    echo "    =========================================================================="
-    echo "    ${registered_pki_security_domain_name}"
-    echo "    ${registered_pki_security_domain_url}"
-    echo "    =========================================================================="
-
-    return 0
-}
-
-display_configuration_information()
-{
-    result=0
-    check_pki_configuration_status
-    rv=$?
-    if [ $rv -eq 0 ] ; then
-        get_pki_status_definitions
-        rv=$?
-        if [ $rv -ne 0 ] ; then
-	    result=$rv
-            echo
-            echo "${PKI_INSTANCE_ID} Status Definitions not found"
-        else
-            get_pki_configuration_definitions
-            rv=$?
-            if [ $rv -ne 0 ] ; then
-		result=$rv
-                echo
-                echo "${PKI_INSTANCE_ID} Configuration Definitions not found"
-            fi
-        fi
-    fi
-    return $result
-}
-
-display_instance_status()
-{
-    rv=0
-
-    # Verify there is an initscript for this instance
-    if [ ! -f $PKI_INSTANCE_INITSCRIPT ]; then
-        # 4 program or service status is unknown
-	return 4
-    fi
-
-    # Invoke the initscript for this instance
-    $PKI_INSTANCE_INITSCRIPT status
-    rv=$?
-
-    if [ $rv -eq 0 ] ; then
-	display_configuration_information
-    fi
-
-    return $rv
-}
-
-start_instance()
-{
-    rv=0
-
-    if [ -f ${RESTART_SERVER} ] ; then
-        rm -f ${RESTART_SERVER}
-    fi
-
-    # Invoke the initscript for this instance
-    case $PKI_SUBSYSTEM_TYPE in
-        ca|kra|ocsp|tks)
-            if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
-                /usr/bin/runcon -t pki_${PKI_SUBSYSTEM_TYPE}_script_t \
-                     $PKI_INSTANCE_INITSCRIPT start
-                rv=$?
-            else
-                $PKI_INSTANCE_INITSCRIPT start 
-                rv=$?
-            fi
-            ;;
-        ra|tps)
-            $PKI_INSTANCE_INITSCRIPT start
-            rv=$?
-            ;;
-    esac
-
-    if [ $rv -ne 0 ] ; then
-        return $rv
-    fi
-
-    # On Tomcat subsystems, make certain that the service has started
-    case $PKI_SUBSYSTEM_TYPE in
-        ca|kra|ocsp|tks)
-            count=0
-            tries=30
-            port=`grep '^pkicreate.unsecure_port=' ${pki_instance_configuration_file} | cut -b25- -`
-            while [ $count -lt $tries ]
-            do
-                netstat -antl | grep ${port} > /dev/null
-                netrv=$?
-                if [ $netrv -eq 0 ] ; then
-                    break;
-                fi
-                sleep 1
-                let count=$count+1;
-            done
-            if [ $netrv -ne 0 ] ; then
-                return 1
-            fi
-            ;;
-    esac
-
-    if [ $rv -eq 0 ] ; then
-        # From the PKI point of view a returned error code of 6 implies
-        # that the program is not "configured". An error code of 1 implies
-        # that the program was "configured" but must still be restarted.
-        #
-        # If the return code is 6 return this value unchanged to the
-        # calling routine so that the total number of configuration errors
-        # may be counted. Other return codes are ignored.
-        #
-        check_pki_configuration_status
-        rv=$?
-        if [ $rv -eq 6 ]; then
-            # 6 program is not configured
-            return 6
-        else
-            # 0 success
-
-            # Tomcat instances automatically place pid files under
-            # '/var/run' and lock files under '/var/lock/subsys'.
-            #
-            # However, since PKI subsystem instances can have any name,
-            # in order to identify the PKI subsystem type of a particular
-            # PKI instance, we create a separate "pki subsystem identity"
-            # symlink to the PKI instance pid file and place it under
-            # '/var/run/pki/<pki subsystem>', and a separate
-            # "pki subsystem identity" symlink to the PKI instance
-            # lock file and place it under '/var/lock/pki/<pki subsystem>'.
-            #
-            case $PKI_SUBSYSTEM_TYPE in
-                ca|kra|ocsp|tks)
-                    if [ -h ${PKI_PIDFILE} ]; then
-                        rm -f ${PKI_PIDFILE}
-                    fi
-                    if [ -f ${TOMCAT_PIDFILE} ]; then
-                        ln -s ${TOMCAT_PIDFILE} ${PKI_PIDFILE}
-                        chown -h ${TOMCAT_USER}:${TOMCAT_GROUP} ${PKI_PIDFILE}
-                    fi
-                    if [ -h ${PKI_LOCKFILE} ]; then
-                        rm -f ${PKI_LOCKFILE}
-                    fi
-                    if [ -f ${TOMCAT_LOCKFILE} ]; then
-                        ln -s ${TOMCAT_LOCKFILE} ${PKI_LOCKFILE}
-                    fi
-                    ;;
-            esac
-
-            return 0
-        fi
-    fi
-    return $rv
-}
-
-stop_instance()
-{
-    rv=0
-
-    # Invoke the initscript for this instance
-    $PKI_INSTANCE_INITSCRIPT stop
-    rv=$?
-
-    # On Tomcat subsystems, always remove the "pki subsystem identity" symlinks
-    # that were previously associated with the Tomcat 'pid' and 'lock' files.
-    case $PKI_SUBSYSTEM_TYPE in
-        ca|kra|ocsp|tks)
-            if [ -h ${PKI_PIDFILE} ]; then
-                rm -f ${PKI_PIDFILE}
-            fi
-            if [ -h ${PKI_LOCKFILE} ]; then
-                rm -f ${PKI_LOCKFILE}
-            fi
-            ;;
-    esac
-
-    return $rv
-}
-
-start()
-{
-    error_rv=0
-    rv=0
-    config_errors=0
-    errors=0
-
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -eq 0 ]; then
-        echo
-        echo "ERROR:  No '${PKI_TYPE}' instances installed!"
-        # 5 program is not installed
-        return 5
-    fi
-
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ]; then
-        echo "BEGIN STARTING '${PKI_TYPE}' INSTANCES:"
-    fi
-
-    # Start every PKI instance of this type that isn't already running
-    for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do
-        # Source values associated with this particular PKI instance
-        [ -f ${PKI_REGISTRY_ENTRY} ] &&
-        . ${PKI_REGISTRY_ENTRY}
-
-        [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
-
-        start_instance
-        rv=$?
-        if [ $rv = 6 ] ; then
-            # Since at least ONE configuration error exists, then there
-            # is at least ONE unconfigured instance from the PKI point
-            # of view.
-            #
-            # However, it must still be considered that the
-            # instance is "running" from the point of view of other
-            # OS programs such as 'chkconfig'.
-            #
-            # Therefore, ignore non-zero return codes resulting
-            # from configuration errors.
-            #
-
-            config_errors=`expr $config_errors + 1`
-            rv=0
-        elif [ $rv != 0 ] ; then
-            errors=`expr $errors + 1`
-            error_rv=$rv
-        fi
-    done
-
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt ${errors} ] ; then
-        touch ${lockfile}
-        chmod 00600 ${lockfile}
-    fi
-
-    # ONLY print a "WARNING" message if multiple
-    # instances are being examined
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
-        # NOTE:  "bad" return code(s) OVERRIDE configuration errors!
-        if [ ${errors} -eq 1 ]; then
-            # Since only ONE error exists, return that "bad" error code.
-            rv=${error_rv}
-        elif [ ${errors} -gt 1 ]; then
-            # Since MORE than ONE error exists, return an OVERALL status
-            # of "1 generic or unspecified error (current practice)"
-            rv=1
-        fi
-
-        if [ ${errors} -ge 1 ]; then
-            echo
-            echo -n "WARNING:  "
-            echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} "
-            echo -n "'${PKI_TYPE}' instances failed to start!"
-            echo
-        fi
-
-        if [ ${TOTAL_UNCONFIGURED_PKI_ENTRIES} -ge 1 ]; then
-            echo
-            echo -n "WARNING:  "
-            echo -n "${TOTAL_UNCONFIGURED_PKI_ENTRIES} "
-            echo -n "of ${TOTAL_PKI_REGISTRY_ENTRIES} "
-            echo -n "'${PKI_TYPE}' instances MUST be configured!"
-            echo
-        fi
-
-        echo
-        echo "FINISHED STARTING '${PKI_TYPE}' INSTANCE(S)."
-    fi
-
-    return $rv
-}
-
-stop()
-{
-    error_rv=0
-    rv=0
-    errors=0
-
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -eq 0 ]; then
-        echo
-        echo "ERROR:  No '${PKI_TYPE}' instances installed!"
-        # 5 program is not installed
-        return 5
-    fi
-
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
-        echo "BEGIN SHUTTING DOWN '${PKI_TYPE}' INSTANCE(S):"
-    fi
-
-    # Shutdown every PKI instance of this type that is running
-    for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do
-        # Source values associated with this particular PKI instance
-        [ -f ${PKI_REGISTRY_ENTRY} ] &&
-        . ${PKI_REGISTRY_ENTRY}
-
-        [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
-
-        stop_instance
-        rv=$?
-        if [ $rv != 0 ] ; then
-            errors=`expr $errors + 1`
-            error_rv=$rv
-        fi
-    done
-
-    if [ ${errors} -eq 0 ] ; then
-        rm -f ${lockfile}
-    fi
-
-    # ONLY print a "WARNING" message if multiple
-    # instances are being examined
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
-        if [ ${errors} -eq 1 ]; then
-            # Since only ONE error exists, return that "bad" error code.
-            rv=${error_rv}
-        elif [ ${errors} -gt 1 ]; then
-            # Since MORE than ONE error exists, return an OVERALL status
-            # of "1 generic or unspecified error (current practice)"
-            rv=1
-        fi
-
-        if [ ${errors} -ge 1 ]; then
-            echo
-            echo -n "WARNING:  "
-            echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} "
-            echo -n "'${PKI_TYPE}' instances were "
-            echo -n "unsuccessfully stopped!"
-            echo
-        fi
-
-        echo
-        echo "FINISHED SHUTTING DOWN '${PKI_TYPE}' INSTANCE(S)."
-    fi
-
-    return $rv
-}
-
-restart()
-{
-    stop
-    sleep 2
-    start
-
-    return $?
-}
-
-registry_status()
-{
-    error_rv=0
-    rv=0
-    errors=0
-
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -eq 0 ]; then
-        echo
-        echo "ERROR:  No '${PKI_TYPE}' instances installed!"
-        # 4 program or service status is unknown
-        return 4
-    fi
-
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
-        echo "REPORT STATUS OF '${PKI_TYPE}' INSTANCE(S):"
-    fi
-
-    # Obtain status of every PKI instance of this type
-    for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do
-        # Source values associated with this particular PKI instance
-        [ -f ${PKI_REGISTRY_ENTRY} ] &&
-        . ${PKI_REGISTRY_ENTRY}
-
-        [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
-
-        display_instance_status
-        rv=$?
-        if [ $rv -ne 0 ] ; then
-            errors=`expr $errors + 1`
-            error_rv=$rv
-        fi
-    done
-
-    # ONLY print a "WARNING" message if multiple
-    # instances are being examined
-    if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
-        if [ ${errors} -eq 1 ]; then
-            # Since only ONE error exists, return that "bad" error code.
-            rv=${error_rv}
-        elif [ ${errors} -gt 1 ]; then
-            # Since MORE than ONE error exists, return an OVERALL status
-            # of "4 - program or service status is unknown"
-            rv=4
-        fi
-
-        if [ ${errors} -ge 1 ]; then
-            echo
-            echo -n "WARNING:  "
-            echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} "
-            echo -n "'${PKI_TYPE}' instances reported status failures!"
-            echo
-        fi
-
-        if [ ${TOTAL_UNCONFIGURED_PKI_ENTRIES} -ge 1 ]; then
-            echo
-            echo -n "WARNING:  "
-            echo -n "${TOTAL_UNCONFIGURED_PKI_ENTRIES} "
-            echo -n "of ${TOTAL_PKI_REGISTRY_ENTRIES} "
-            echo -n "'${PKI_TYPE}' instances MUST be configured!"
-            echo
-        fi
-
-        echo
-        echo "FINISHED REPORTING STATUS OF '${PKI_TYPE}' INSTANCE(S)."
-    fi
-
-    return $rv
-}
-
Index: pki/base/common/scripts/pki_apache_initscript
===================================================================
--- pki/base/common/scripts/pki_apache_initscript	(revision 2193)
+++ pki/base/common/scripts/pki_apache_initscript	(working copy)
@@ -1,246 +0,0 @@
-#!/bin/bash
-
-command="$1"
-
-# Source function library.
-. /etc/init.d/functions
-
-PKI_REGISTRY_FILE=[PKI_REGISTRY_FILE]
-
-# Enable nullglob, if set then shell pattern globs which do not match any
-# file returns the empty string rather than the unmodified glob pattern.
-shopt -s nullglob
-
-OS=`uname -s`
-ARCHITECTURE=`uname -i`
-
-# Source values associated with this particular PKI instance
-if [ -f $PKI_REGISTRY_FILE ]; then
-    . ${PKI_REGISTRY_FILE}
-else
-    echo "No PKI registry file ($PKI_REGISTRY_FILE)"
-    case $command in
-        status)
-            exit 4
-            ;;
-        *)
-            exit 1
-            ;;
-    esac
-fi
-
-prog=$PKI_INSTANCE_ID
-lockfile=$PKI_LOCK_FILE
-pidfile=$PKI_PID_FILE
-
-
-STARTUP_WAIT=30
-SHUTDOWN_WAIT=30
-
-start()
-{
-    rv=0
-
-    echo -n $"Starting ${prog}: "
-
-    if [ -f ${lockfile} ] ; then
-	if [ -f ${pidfile} ]; then
-	    read kpid < ${pidfile}
-	    if checkpid $kpid 2>&1; then
-		echo
-		echo "${PKI_INSTANCE_ID} (pid ${kpid}) is already running ..."
-		echo
-                return 0
-	    else
-		echo
-		echo -n "lock file found but no process "
-		echo -n "running for pid $kpid, continuing"
-		echo
-		echo
-		rm -f ${lockfile}
-	    fi
-	fi
-    fi
-
-    touch ${pidfile}
-    chown ${PKI_USER}:${PKI_GROUP} ${pidfile}
-    chmod 00600 ${pidfile}
-    [ -x /sbin/restorecon ] && /sbin/restorecon  ${pidfile}
-
-    # restore context for ncipher hsm
-    [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
-    
-    /usr/sbin/selinuxenabled
-    rv=$?
-    if [ ${rv} = 0 ] ; then	
-	if [ ${ARCHITECTURE} = "i386" ] ; then
-	    LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
-            rv=$?
-	    # overwrite output from "daemon"
-	    echo -n $"Starting ${prog}: "
-	elif [ ${ARCHITECTURE} = "x86_64" ] ; then
-	    # NOTE:  "daemon" is incompatible with "httpd" on 64-bit architectures
-	    LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
-            rv=$?
-	fi
-    else
-	LANG=${PKI_HTTPD_LANG} daemon ${httpd} ${PKI_OPTIONS}
-        rv=$?
-	# overwrite output from "daemon"
-	echo -n $"Starting ${prog}: "
-    fi
-
-    if [ ${rv} = 0 ] ; then
-	touch ${lockfile}
-	chown ${PKI_USER}:${PKI_GROUP} ${lockfile}
-	chmod 00600 ${lockfile}
-
-	count=0;
-
-	let swait=$STARTUP_WAIT
-	until	[ -s ${pidfile} ] ||
-	[ $count -gt $swait ]
-	do
-	    echo -n "."
-	    sleep 1
-	    let count=$count+1;
-	done
-
-	echo_success
-        echo
-
-	# Set permissions of log files
-	for file in ${pki_logs_directory}/*; do
-            if [ `basename $file` != "signedAudit" ]; then
-	        chown ${PKI_USER}:${PKI_GROUP} ${file}
-	        chmod 00640 ${file}
-            fi
-	done
-
-        if [ -d ${pki_logs_directory}/signedAudit ]; then
-	    for file in ${pki_logs_directory}/signedAudit/*; do
-		chown ${PKI_USER} ${file}
-		chmod 00640 ${file}
-            done
-        fi
-
-    else
-	echo_failure
-        echo
-    fi
-
-	
-    return ${rv}
-}
-
-stop()
-{
-    rv=0
-
-    echo -n "Stopping ${prog}: "
-
-    if [ -f ${lockfile} ] ; then
-	${httpd} ${PKI_OPTIONS} -k stop
-	rv=$?
-
-	if [ ${rv} = 0 ]; then
-	    count=0;
-            
-	    if [ -f ${pidfile} ]; then
-		read kpid < ${pidfile}
-		let kwait=$SHUTDOWN_WAIT
-                
-		until	[ `ps -p $kpid | grep -c $kpid` = '0' ] ||
-		[ $count -gt $kwait ]
-		do
-		    echo -n "."
-		    sleep 1
-		    let count=$count+1;
-		done
-                
-		if [ $count -gt $kwait ]; then
-		    kill -9 $kpid
-		fi
-	    fi
-            
-	    rm -f ${lockfile}
-	    rm -f ${pidfile}
-            
-	    echo_success
-            echo
-	else
-	    echo_failure
-            echo
-	    rv=${default_error}
-	fi
-    else
-	echo
-	echo "process already stopped"
-	rv=0
-    fi
-    
-    return ${rv}
-}
-
-reload()
-{
-    rv=0
-    
-    echo -n $"Reloading ${prog}: "
-    
-    if ! LANG=${PKI_HTTPD_LANG} ${httpd} ${PKI_OPTIONS} -t >&/dev/null; then
-	rv=$?
-	echo $"not reloading due to configuration syntax error"
-	failure $"not reloading ${httpd} due to configuration syntax error"
-    else
-	killproc -p ${pidfile} ${httpd} -HUP
-	rv=$?
-    fi
-    echo
-
-    return ${rv}
-}
-
-instance_status()
-{
-    status -p ${pidfile} ${prog}
-    rv=$?
-    return $rv
-}
-
-# See how we were called.
-case $command in
-    status)
-        instance_status
-        exit $?
-        ;;
-    start)
-	start
-	exit $?
-	;;
-    restart)
-	restart
-	exit $?
-	;;
-    stop)
-	stop
-	exit $?
-	;;
-    condrestart|force-restart|try-restart)
-        [ ! -f ${lockfile} ] || restart
-        exit $?
-        ;;
-    reload)
-        echo "The 'reload' action is an unimplemented feature."
-        exit 3
-        ;;
-    condrestart|force-restart|try-restart)
-	[ ! -f ${lockfile} ] || restart
-	exit $?
-	;;
-    *)
-	echo "unknown action ($command)"
-	exit 2
-	;;
-esac
-
Index: pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
===================================================================
--- pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java	(revision 2193)
+++ pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java	(working copy)
@@ -180,11 +180,13 @@
         String type = "";
         String instanceId = "";
         String instanceRoot = "";
+        String systemdService = "";
         try {
             type = cs.getString("cs.type", "");
             instanceId = cs.getString("instanceId");
             instanceRoot = cs.getString("instanceRoot");
             select = cs.getString("preop.subsystem.select", "");
+            systemdService = cs.getString("pkicreate.systemd.servicename", "");
         } catch (Exception e) {}
 
         String initDaemon = "";
@@ -199,8 +201,13 @@
         }
         String os = System.getProperty( "os.name" );
         if( os.equalsIgnoreCase( "Linux" ) ) {
-            context.put( "initCommand", "/sbin/service " + initDaemon );
-            context.put( "instanceId", instanceId );
+            if (! systemdService.equals("")) {
+                context.put( "initCommand", "/bin/systemctl");
+                context.put( "instanceId", systemdService );
+            } else {
+                context.put( "initCommand", "/sbin/service " + initDaemon );
+                context.put( "instanceId", instanceId );
+            }
         } else {
             /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
             context.put( "initCommand", "/etc/init.d/" + initDaemon );
Index: pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
===================================================================
--- pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java	(revision 2193)
+++ pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java	(working copy)
@@ -99,11 +99,13 @@
         String default_admin_url = "";
         String name = "";
         String cstype = "";
+        String systemdService = "";
 
         try {
             default_admin_url = config.getString("preop.securitydomain.admin_url", "");
             name = config.getString("preop.securitydomain.name", "");
             cstype = config.getString("cs.type", "");
+            systemdService = config.getString("pkicreate.systemd.servicename", "");
         } catch (Exception e) {
             CMS.debug(e.toString());
         }
@@ -214,8 +216,13 @@
         String instanceId = "&lt;security_domain_instance_name&gt;";
         String os = System.getProperty( "os.name" );
         if( os.equalsIgnoreCase( "Linux" ) ) {
-            context.put( "initCommand", "/sbin/service " + initDaemon );
-            context.put( "instanceId", instanceId );
+            if (! systemdService.equals("")) {
+                context.put( "initCommand", "/usr/bin/pkicontrol" );
+                context.put( "instanceId", "ca " + systemdService );
+            } else {
+                context.put( "initCommand", "/sbin/service " + initDaemon );
+                context.put( "instanceId", instanceId );
+            }
         } else {
             /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
             context.put( "initCommand", "/etc/init.d/" + initDaemon );
Index: pki/base/common/CMakeLists.txt
===================================================================
--- pki/base/common/CMakeLists.txt	(revision 2193)
+++ pki/base/common/CMakeLists.txt	(working copy)
@@ -2,18 +2,6 @@
 
 install(
     FILES
-        scripts/functions
-        scripts/pki_apache_initscript
-    DESTINATION
-        ${DATA_INSTALL_DIR}/scripts/
-    PERMISSIONS
-        OWNER_EXECUTE OWNER_WRITE OWNER_READ
-        GROUP_EXECUTE GROUP_READ
-        WORLD_EXECUTE WORLD_READ
-)
-
-install(
-    FILES
         setup/CertServer.directory
         setup/menu.xml
     DESTINATION
Index: pki/base/setup/pkiremove
===================================================================
--- pki/base/setup/pkiremove	(revision 2193)
+++ pki/base/setup/pkiremove	(working copy)
@@ -120,11 +120,18 @@
 # PKI registry variables
 my $pki_registry_subsystem_path     = undef;
 
+#systemd specific variables
+my $use_systemd                        = 0;
+my $pki_instance_systemd_service_name  = undef;
+
 ##############################################################
 # Platform-Dependent Data Initialization
 ##############################################################
 
 if ($^O eq "linux") {
+    if (is_Fedora() && (fedora_release() >= 16)) {
+        $use_systemd = 1;
+    }
 } else {
     emit("Unsupported platform '$^O'!\n", "error");
     exit 255;
@@ -484,23 +491,22 @@
         } 
     }
 
-    # De-register this instance with "chkconfig"
-    if ($^O eq "linux") {
-        if (entity_exists("$default_initscripts_path/$pki_instance_name")) {
-            # De-register this instance with '/sbin/chkconfig'
-            print(STDOUT "Removing '$pki_instance_name' from chkconfig.\n");
-            deregister_pki_instance_with_chkconfig($pki_instance_name);
-        }
-    }
-
     $pki_registry_initscript = get_registry_initscript_name($subsystem_type);
 
     # Shutdown this instance
     if ($^O eq "linux") {
-        if (entity_exists("$default_initscripts_path/$pki_instance_name")) {
-            $pki_registry_initscript_command = "/sbin/service $pki_instance_name stop";
+        if ($use_systemd) {
+            $pki_instance_systemd_service_name =
+                "${pki_registry_initscript}\ ${pki_instance_name} service";
+            $pki_registry_initscript_command = 
+                "/bin/systemctl stop $pki_instance_systemd_service_name";
         } else {
-            $pki_registry_initscript_command = "/sbin/service $pki_registry_initscript stop $pki_instance_name";
+            if (entity_exists("$default_initscripts_path/$pki_instance_name")) {
+                $pki_registry_initscript_command = "/sbin/service $pki_instance_name stop";
+            } else {
+                $pki_registry_initscript_command = 
+                    "/sbin/service $pki_registry_initscript stop $pki_instance_name";
+            }
         }
     } else {
         emit("Unsupported platform '$^O'!\n", "error");
@@ -508,11 +514,26 @@
     }
     run_command($pki_registry_initscript_command);
 
+    if (!$use_systemd) {
+        # De-register this instance with "chkconfig"
+        if ($^O eq "linux") {
+            if (entity_exists("$default_initscripts_path/$pki_instance_name")) {
+                # De-register this instance with '/sbin/chkconfig'
+                print(STDOUT "Removing '$pki_instance_name' from chkconfig.\n");
+                deregister_pki_instance_with_chkconfig($pki_instance_name);
+            }
+        }
+    }
+
     print(STDOUT "\n");
 
     # Remove all installed files and directories.
     $result = 0 if !uninstall($install_info);
 
+    if ($use_systemd) {
+        run_command("/bin/systemctl --system daemon-reload");
+    }
+
     print(STDOUT "\n");
 
     return $result;
Index: pki/base/setup/pkicommon.pm
===================================================================
--- pki/base/setup/pkicommon.pm	(revision 2193)
+++ pki/base/setup/pkicommon.pm	(working copy)
@@ -49,7 +49,7 @@
  parse_install_info parse_old_cleanup read_old_cleanup
  read_install_info read_install_info_from_dir write_install_info_to_dir uninstall
  is_Windows is_Linux is_Fedora is_RHEL is_RHEL4 setup_platform_dependent_parameters
- set_library_path get_library_path
+ set_library_path get_library_path fedora_release
  check_for_root_UID user_disallows_shell
  user_exists create_user
  group_exists create_group user_is_a_member_of_group add_user_as_a_member_of_group
@@ -802,7 +802,22 @@
     return 0;
 }
 
+# no args
+# return release_number
+# return 0 if not found
+sub fedora_release {
+    my $releasefd = new FileHandle;
+    if ($releasefd->open("< /etc/fedora-release")) {
+            while (defined(my $line = <$releasefd>)) {
+                if ($line =~ /Fedora release (\d*)/) {
+                    return $1;
+                }
+            }
+    }
+    return 0;
+}
 
+
 # no args
 # no return value
 sub setup_platform_dependent_parameters
@@ -2118,7 +2133,7 @@
     foreach $split_path (@pathname) {
         chomp($split_path);
 
-        if (!($split_path !~ /^[-_.a-zA-Z0-9\[\]]+$/)) {
+        if (!($split_path !~ /^[-_ a-zA-Z0-9\[\]\ ]+$/)) {
             $valid = 1;
         } else {
             $valid = 0;
Index: pki/base/setup/pkicreate
===================================================================
--- pki/base/setup/pkicreate	(revision 2193)
+++ pki/base/setup/pkicreate	(working copy)
@@ -332,6 +332,7 @@
 my $PKI_AJP_PORT_SLOT                                  = "PKI_AJP_PORT";
 my $PROXY_SECURE_PORT_SLOT                             = "PKI_PROXY_SECURE_PORT";
 my $PROXY_UNSECURE_PORT_SLOT                           = "PKI_PROXY_UNSECURE_PORT";
+my $PKI_SYSTEMD_SERVICENAME_SLOT                       = "PKI_SYSTEMD_SERVICENAME";
 my $PKI_UNSECURE_PORT_NAME                  = "Unsecure";
 my $PKI_AGENT_SECURE_PORT_NAME              = "Agent";
 my $PKI_ADMIN_SECURE_PORT_NAME              = "Admin";
@@ -577,7 +578,13 @@
 my $root_group                       = undef;
 my $pki_instance_initscript_path     = undef;
 
+#systemd specific variables
+my $use_systemd                        = 0;
+my $pki_subsystem_systemd_wants_path   = undef;
+my $pki_subsystem_systemd_service_path = undef;
+my $pki_instance_systemd_service_name  = undef;
 
+
 ##############################################################
 # Platform-Dependent Data Initialization
 ##############################################################
@@ -587,8 +594,16 @@
     $setup_config_area = "/usr/share/applications";
     $setup_config_name = "config.desktop";
 
+    if (is_Fedora() && (fedora_release() >= 16)) {
+        $use_systemd = 1;
+    }
+
     # Linux init scripts
-    $tomcat6_initscript_path = "${default_initscripts_path}/tomcat6";
+    if ($use_systemd) {
+        $tomcat6_initscript_path = "/usr/sbin/tomcat6-sysd";
+    } else {
+        $tomcat6_initscript_path = "${default_initscripts_path}/tomcat6";
+    }
 
     # Tomcat instance config directory
     $tomcat6_instance_config_path = "/etc/sysconfig";
@@ -1432,7 +1447,14 @@
     $pki_registry_subsystem_file_path = $setup_subsystem_path
                                       . "/" . $registry_template_base_name;
 
+    $pki_registry_initscript = get_registry_initscript_name($subsystem_type);
 
+    ## systemd subsystem variables
+    $pki_subsystem_systemd_wants_path = 
+        "/etc/systemd/system/${pki_registry_initscript}.target.wants";
+    $pki_subsystem_systemd_service_path = 
+        "/lib/systemd/system/${pki_registry_initscript}\  service";
+
     ## Initialize subsystem directory paths (CA subsystems)
     if ($subsystem_type eq $CA) {
         $emails_subsystem_path = $pki_subsystem_path
@@ -1512,6 +1534,10 @@
                                     . "/" . $pki_instance_name
                                     . ".pid";
 
+    ## systemd instance service name
+    $pki_instance_systemd_service_name =   
+        "${pki_registry_initscript}\ ${pki_instance_name} service";
+
     ## Initialize instance directory paths (RA, TPS instances)
     if ($subsystem_type eq $RA || $subsystem_type eq $TPS) {
         if ($subsystem_type eq $TPS) {
@@ -1597,8 +1623,6 @@
     $setup_config_subsystem_file_path = $setup_subsystem_path
                                       . "/" . $setup_config_name;
 
-    $pki_registry_initscript = get_registry_initscript_name($subsystem_type);
-
     ## Initialize subdirectory paths (CA subsystems)
     if ($subsystem_type eq $CA) {
         $profile_select_template_subsystem_file_path = $ui_subsystem_path 
@@ -2401,6 +2425,12 @@
         $slot_hash{$PKI_SERVER_XML_CONF}       = $server_xml_instance_file_path;
         $slot_hash{$PKI_UNSECURE_PORT_SLOT}    = $unsecure_port;
 
+        if ($use_systemd) {
+            $slot_hash{$PKI_SYSTEMD_SERVICENAME_SLOT} = $pki_instance_systemd_service_name;
+        } else {
+            $slot_hash{$PKI_SYSTEMD_SERVICENAME_SLOT} = "";
+        }
+
         # Define "Port Separation" (default) versus "Shared Ports" (legacy)
         if ($use_port_separation) {
             # Establish "Port Separation" Connector Names
@@ -2803,7 +2833,17 @@
         # to find our tomcat6 configuration file in /etc/sysconfig
         return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path,
                                     $root_user, $root_group);
+        if ($use_systemd) {
+            return 0 if !create_symlink(
+                "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", 
+                "$pki_subsystem_systemd_service_path",
+                 $root_user, $root_group);
+            
+            # reload systemd configuration
+            run_command("/bin/systemctl --system daemon-reload"); 
 
+        }
+
         return 0 if !create_directory($webinf_lib_instance_path,
                                       $default_dir_permissions, $pki_user, $pki_group);
 
@@ -3353,7 +3393,13 @@
 
     printf(STDOUT "Installation information recorded in %s.\n", get_logfile_path());
 
-    $pki_registry_initscript_command = "/sbin/service $pki_registry_initscript restart $pki_instance_name";
+    if ($use_systemd) {
+        $pki_registry_initscript_command = 
+            "/bin/systemctl restart $pki_instance_systemd_service_name";
+    } else {
+        $pki_registry_initscript_command = 
+            "/sbin/service $pki_registry_initscript restart $pki_instance_name";
+    }
 
     $command = "${pki_registry_initscript_command}";
     run_command($command);
Index: pki/base/setup/scripts/pkicontrol
===================================================================
--- pki/base/setup/scripts/pkicontrol	(revision 0)
+++ pki/base/setup/scripts/pkicontrol	(revision 0)
@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007-2010 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+PROG_NAME=`basename $0`
+SERVICE_NAME="pkicontrol"
+SERVICE_PROG="/bin/systemctl"
+
+command="$1"
+pki_subsystem_type="$2"
+pki_instance="$3"
+
+PKI_PATH="/usr/share/pki/${pki_subsystem_type}"
+PKI_REGISTRY="/etc/sysconfig/pki/${pki_subsystem_type}"
+PKI_TYPE="pki-${pki_subsystem_type}"
+PKI_SYSTEMD_TARGET="pki-${pki_subsystem_type}d"
+SYSTEMD=1
+
+# Source the PKI function library
+. /usr/share/pki/scripts/functions
+
+# See how we were called.
+case $command in
+    status)
+	registry_status
+	exit $?
+	;;
+    start)
+	start
+	exit $?
+	;;
+    restart)
+	restart
+	exit $?
+	;;
+    stop)
+	stop
+	exit $?
+	;;
+    condrestart|force-restart|try-restart)
+        [ ! -f ${lockfile} ] || restart
+        exit $?
+        ;;
+    reload)
+        echo "The 'reload' action is an unimplemented feature."
+        exit ${default_error}
+        ;;
+    *)
+	echo "unknown action ($command)"
+        usage
+        echo "where valid instance names include:"
+        list_instances
+        exit ${default_error}
+        ;;
+esac
+

Property changes on: pki/base/setup/scripts/pkicontrol
___________________________________________________________________
Added: svn:executable
   + *

Index: pki/base/setup/scripts/functions
===================================================================
--- pki/base/setup/scripts/functions	(revision 2193)
+++ pki/base/setup/scripts/functions	(working copy)
@@ -143,6 +143,24 @@
     echo
 }
 
+usage_systemd()
+{
+    echo -n "Usage: /usr/bin/pkicontrol "
+    echo -n "{start"
+    echo -n "|stop"
+    echo -n "|restart"
+    echo -n "|condrestart"
+    echo -n "|force-restart"
+    echo -n "|try-restart"
+    echo -n "|reload"
+    echo -n "|status} "
+    echo -n "subsytem-type "
+    echo -n "[instance-name]"
+    echo
+    echo
+}
+
+
 list_instances()
 {
     echo
@@ -154,36 +172,69 @@
 }
 
 # Check arguments
-if [ $# -lt 1 ] ; then
-    # 3 unimplemented feature (for example, "reload")
-    #     [insufficient arguments]
-    echo "$PROG_NAME:  Insufficient arguments!"
-    echo
-    usage
-    echo "where valid instance names include:"
-    list_instances
-    exit 3
-elif [ ${default_error} -eq 2 ] ; then
-    # 2 invalid argument
-    echo "$PROG_NAME:  Invalid arguments!"
-    echo
-    usage
-    echo "where valid instance names include:"
-    list_instances
-    exit 2
-elif [ $# -gt 2 ] ; then
-    echo "$PROG_NAME:  Excess arguments!"
-    echo
-    usage
-    echo "where valid instance names include:"
-    list_instances
-    if [ "${command}" != "status" ]; then
-        # 2 excess arguments
+if [ $SYSTEMD ]; then
+    if [ $# -lt 2 ] ; then
+        #     [insufficient arguments]
+        echo "$PROG_NAME:  Insufficient arguments!"
+        echo
+        usage_systemd
+        echo "where valid instance names include:"
+        list_instances
+        exit 3
+    elif [ ${default_error} -eq 2 ] ; then
+        # 2 invalid argument
+        echo "$PROG_NAME:  Invalid arguments!"
+        echo
+        usage_systemd
+        echo "where valid instance names include:"
+        list_instances
         exit 2
-    else
-        # 4 program or service status is unknown
-        exit 4
+    elif [ $# -gt 3 ] ; then
+        echo "$PROG_NAME:  Excess arguments!"
+        echo
+        usage_systemd
+        echo "where valid instance names include:"
+        list_instances
+        if [ "${command}" != "status" ]; then
+            # 2 excess arguments
+            exit 2
+        else
+            # 4 program or service status is unknown
+            exit 4
+        fi
     fi
+else  
+    if [ $# -lt 1 ] ; then
+        # 3 unimplemented feature (for example, "reload")
+        #     [insufficient arguments]
+        echo "$PROG_NAME:  Insufficient arguments!"
+        echo
+        usage
+        echo "where valid instance names include:"
+        list_instances
+        exit 3
+    elif [ ${default_error} -eq 2 ] ; then
+        # 2 invalid argument
+        echo "$PROG_NAME:  Invalid arguments!"
+        echo
+        usage
+        echo "where valid instance names include:"
+        list_instances
+        exit 2
+    elif [ $# -gt 2 ] ; then
+        echo "$PROG_NAME:  Excess arguments!"
+        echo
+        usage
+        echo "where valid instance names include:"
+        list_instances
+        if [ "${command}" != "status" ]; then
+            # 2 excess arguments
+            exit 2
+        else
+            # 4 program or service status is unknown
+            exit 4
+        fi
+    fi
 fi
 
 # If an "instance" was supplied, check that it is a "valid" instance
@@ -198,8 +249,11 @@
     done
     if [ $valid -eq 0 ]; then
         echo -n "${pki_instance} is an invalid '${PKI_TYPE}' instance"
-        echo_failure
+        if [ ! $SYSTEMD ]; then
+            echo_failure
+        fi
         echo
+
         if [ "${command}" != "status" ]; then
             # 5 program is not installed
             exit 5
@@ -314,11 +368,7 @@
 
     done
 
-    if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then
-        return 0
-    else
-        return ${default_error}
-    fi
+    return 0;
 }
 
 get_pki_status_definitions_tps()
@@ -377,11 +427,7 @@
 
     done
 
-    if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then
-        return 0
-    else
-        return ${default_error}
-    fi
+    return 0;
 }
 
 get_pki_status_definitions_tomcat()
@@ -442,11 +488,7 @@
         fi
     done
 
-    if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then
-        return 0
-    else
-        return ${default_error}
-    fi
+    return 0;
 }
 
 get_pki_configuration_definitions()
@@ -661,10 +703,24 @@
     return $result
 }
 
+display_instance_status_systemd()
+{
+    echo -n "Status for ${PKI_INSTANCE_ID}: "
+    systemctl status "$PKI_SYSTEMD_TARGET $PKI_INSTANCE_ID service" > /dev/null 2>&1
+    rv=$?
+
+    if [ $rv -eq 0 ] ; then
+        echo "$PKI_INSTANCE_ID is running .."
+        display_configuration_information
+    else
+        echo "$PKI_INSTANCE_ID is stopped"
+    fi
+
+    return $rv
+}
+
 display_instance_status()
 {
-    rv=0
-
     # Verify there is an initscript for this instance
     if [ ! -f $PKI_INSTANCE_INITSCRIPT ]; then
         # 4 program or service status is unknown
@@ -693,6 +749,12 @@
     # Invoke the initscript for this instance
     case $PKI_SUBSYSTEM_TYPE in
         ca|kra|ocsp|tks)
+
+            # We must export the service name so that the systemd version 
+            # of the tomcat6 init script knows which instance specific
+            # configuration file to source.
+            export SERVICE_NAME=$PKI_INSTANCE_ID
+
             if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
                 /usr/bin/runcon -t pki_${PKI_SUBSYSTEM_TYPE}_script_t \
                      $PKI_INSTANCE_INITSCRIPT start
@@ -790,6 +852,7 @@
 {
     rv=0
 
+    export SERVICE_NAME=$PKI_INSTANCE_ID
     # Invoke the initscript for this instance
     $PKI_INSTANCE_INITSCRIPT stop
     rv=$?
@@ -1000,8 +1063,20 @@
 
         [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
 
-        display_instance_status
-        rv=$?
+        case $PKI_SUBSYSTEM_TYPE in
+            ca|kra|ocsp|tks)
+                if [ $SYSTEMD ]; then 
+                    display_instance_status_systemd
+                else 
+                    display_instance_status
+                fi
+                rv=$?
+                ;;
+            tps|ra)
+                display_instance_status
+                rv=$?
+                ;;
+        esac
         if [ $rv -ne 0 ] ; then
             errors=`expr $errors + 1`
             error_rv=$rv
Index: pki/base/setup/CMakeLists.txt
===================================================================
--- pki/base/setup/CMakeLists.txt	(revision 2193)
+++ pki/base/setup/CMakeLists.txt	(working copy)
@@ -4,6 +4,7 @@
     FILES
         pkicreate
         pkiremove
+        scripts/pkicontrol
     DESTINATION
         ${BIN_INSTALL_DIR}
     PERMISSIONS
@@ -15,6 +16,8 @@
 install(
     FILES
         pkicommon.pm
+        scripts/functions
+        scripts/pki_apache_initscript
     DESTINATION
         ${DATA_INSTALL_DIR}/scripts/
     PERMISSIONS
Index: pki/base/tks/shared/conf/CS.cfg.in
===================================================================
--- pki/base/tks/shared/conf/CS.cfg.in	(revision 2193)
+++ pki/base/tks/shared/conf/CS.cfg.in	(working copy)
@@ -12,6 +12,7 @@
 pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
 pkicreate.user=[PKI_USER]
 pkicreate.group=[PKI_GROUP]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
 pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
 installDate=[INSTALL_TIME]
 cs.type=TKS
Index: pki/base/tks/shared/lib/systemd/system/pki-tksd  service
===================================================================
--- pki/base/tks/shared/lib/systemd/system/pki-tksd  service	(revision 0)
+++ pki/base/tks/shared/lib/systemd/system/pki-tksd  service	(revision 0)
@@ -0,0 +1,13 @@
+[Unit]
+Description=PKI Token Key Service %i
+After=pki-tksd.target
+BindTo=pki-tksd.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start tks %i
+ExecStop=/usr/bin/pkicontrol stop tks %i
+
+[Install]
+WantedBy=multi-user.target
+
Index: pki/base/tks/shared/lib/systemd/system/pki-tksd.target
===================================================================
--- pki/base/tks/shared/lib/systemd/system/pki-tksd.target	(revision 0)
+++ pki/base/tks/shared/lib/systemd/system/pki-tksd.target	(revision 0)
@@ -0,0 +1,8 @@
+[Unit]
+Description=PKI Token Key Service
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
+
+
Index: pki/base/tks/CMakeLists.txt
===================================================================
--- pki/base/tks/CMakeLists.txt	(revision 2193)
+++ pki/base/tks/CMakeLists.txt	(working copy)
@@ -4,6 +4,19 @@
 add_subdirectory(setup)
 add_subdirectory(shared/conf)
 
+# install systemd scripts
+install(
+    FILES
+        shared/lib/systemd/system/pki-tksd.target
+        shared/lib/systemd/system/pki-tksd  service
+    DESTINATION
+        ${SYSTEMD_LIB_INSTALL_DIR}
+    PERMISSIONS
+        OWNER_EXECUTE OWNER_WRITE OWNER_READ
+        GROUP_EXECUTE GROUP_READ
+        WORLD_EXECUTE WORLD_READ
+)
+
 # install init script
 install(
     FILES
@@ -28,6 +41,8 @@
         "etc/*" EXCLUDE
     PATTERN
         "CS.cfg.in" EXCLUDE
+    PATTERN
+        "lib/*" EXCLUDE
 )
 
 # install empty directories
@@ -42,3 +57,9 @@
     DESTINATION
         ${VAR_INSTALL_DIR}/run/pki/tks
 )
+
+install(
+    DIRECTORY
+    DESTINATION 
+        ${SYSTEMD_ETC_INSTALL_DIR}/pki-tksd.target.wants
+)
Index: pki/base/ocsp/shared/conf/CS.cfg.in
===================================================================
--- pki/base/ocsp/shared/conf/CS.cfg.in	(revision 2193)
+++ pki/base/ocsp/shared/conf/CS.cfg.in	(working copy)
@@ -12,6 +12,7 @@
 pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
 pkicreate.user=[PKI_USER]
 pkicreate.group=[PKI_GROUP]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
 pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
 installDate=[INSTALL_TIME]
 cs.type=OCSP
Index: pki/base/ocsp/shared/lib/systemd/system/pki-ocspd  service
===================================================================
--- pki/base/ocsp/shared/lib/systemd/system/pki-ocspd  service	(revision 0)
+++ pki/base/ocsp/shared/lib/systemd/system/pki-ocspd  service	(revision 0)
@@ -0,0 +1,13 @@
+[Unit]
+Description=PKI Online Certificate Status Protocol Server %i
+After=pki-ocspd.target
+BindTo=pki-ocspd.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start ocsp %i
+ExecStop=/usr/bin/pkicontrol stop ocsp %i
+
+[Install]
+WantedBy=multi-user.target
+
Index: pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target
===================================================================
--- pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target	(revision 0)
+++ pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target	(revision 0)
@@ -0,0 +1,8 @@
+[Unit]
+Description=PKI Online Certificate Status Protocol Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
+
+
Index: pki/base/ocsp/CMakeLists.txt
===================================================================
--- pki/base/ocsp/CMakeLists.txt	(revision 2193)
+++ pki/base/ocsp/CMakeLists.txt	(working copy)
@@ -4,6 +4,19 @@
 add_subdirectory(setup)
 add_subdirectory(shared/conf)
 
+# install systemd scripts
+install(
+    FILES
+        shared/lib/systemd/system/pki-ocspd.target
+        shared/lib/systemd/system/pki-ocspd  service
+    DESTINATION
+        ${SYSTEMD_LIB_INSTALL_DIR}
+    PERMISSIONS
+        OWNER_EXECUTE OWNER_WRITE OWNER_READ
+        GROUP_EXECUTE GROUP_READ
+        WORLD_EXECUTE WORLD_READ
+)
+
 # install init script
 install(
     FILES
@@ -28,6 +41,8 @@
         "etc/*" EXCLUDE
     PATTERN
         "CS.cfg.in" EXCLUDE
+    PATTERN
+        "lib/*" EXCLUDE
 )
 
 # install empty directories
@@ -42,3 +57,9 @@
     DESTINATION
         ${VAR_INSTALL_DIR}/run/pki/ocsp
 )
+
+install(
+    DIRECTORY
+    DESTINATION 
+        ${SYSTEMD_ETC_INSTALL_DIR}/pki-ocspd.target.wants
+)
Index: pki/base/kra/shared/conf/CS.cfg.in
===================================================================
--- pki/base/kra/shared/conf/CS.cfg.in	(revision 2193)
+++ pki/base/kra/shared/conf/CS.cfg.in	(working copy)
@@ -12,6 +12,7 @@
 pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
 pkicreate.user=[PKI_USER]
 pkicreate.group=[PKI_GROUP]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
 pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
 installDate=[INSTALL_TIME]
 preop.wizard.name=DRM Setup Wizard
Index: pki/base/kra/shared/lib/systemd/system/pki-krad  service
===================================================================
--- pki/base/kra/shared/lib/systemd/system/pki-krad  service	(revision 0)
+++ pki/base/kra/shared/lib/systemd/system/pki-krad  service	(revision 0)
@@ -0,0 +1,13 @@
+[Unit]
+Description=PKI Key Recovery Authority Server %i
+After=pki-krad.target
+BindTo=pki-krad.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start kra %i
+ExecStop=/usr/bin/pkicontrol stop kra %i
+
+[Install]
+WantedBy=multi-user.target
+
Index: pki/base/kra/shared/lib/systemd/system/pki-krad.target
===================================================================
--- pki/base/kra/shared/lib/systemd/system/pki-krad.target	(revision 0)
+++ pki/base/kra/shared/lib/systemd/system/pki-krad.target	(revision 0)
@@ -0,0 +1,8 @@
+[Unit]
+Description=PKI Key Recovery Authority Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
+
+
Index: pki/base/kra/CMakeLists.txt
===================================================================
--- pki/base/kra/CMakeLists.txt	(revision 2193)
+++ pki/base/kra/CMakeLists.txt	(working copy)
@@ -4,6 +4,19 @@
 add_subdirectory(setup)
 add_subdirectory(shared/conf)
 
+# install systemd scripts
+install(
+    FILES
+        shared/lib/systemd/system/pki-krad.target
+        shared/lib/systemd/system/pki-krad  service
+    DESTINATION
+        ${SYSTEMD_LIB_INSTALL_DIR}
+    PERMISSIONS
+        OWNER_EXECUTE OWNER_WRITE OWNER_READ
+        GROUP_EXECUTE GROUP_READ
+        WORLD_EXECUTE WORLD_READ
+)
+
 # install init script
 install(
     FILES
@@ -28,6 +41,8 @@
         "etc/*" EXCLUDE
     PATTERN
         "conf/CS.cfg.in" EXCLUDE
+    PATTERN
+        "lib/*" EXCLUDE
 )
 
 # install empty directories
@@ -42,3 +57,10 @@
     DESTINATION
         ${VAR_INSTALL_DIR}/run/pki/kra
 )
+
+install(
+    DIRECTORY
+    DESTINATION 
+        ${SYSTEMD_ETC_INSTALL_DIR}/pki-krad.target.wants
+)
+
Index: pki/CMakeLists.txt
===================================================================
--- pki/CMakeLists.txt	(revision 2193)
+++ pki/CMakeLists.txt	(working copy)
@@ -23,20 +23,20 @@
 elseif (BUILD_PKI_CORE)
     set(APPLICATION_FLAVOR_PKI_CORE TRUE)
     # override APPLICATION VERSION
-    set(APPLICATION_VERSION_PATCH "12")
+    set(APPLICATION_VERSION_PATCH "13")
 elseif (BUILD_PKI_KRA)
     set(APPLICATION_FLAVOR_PKI_KRA TRUE)
     # override APPLICATION VERSION
-    set(APPLICATION_VERSION_PATCH "5")
+    set(APPLICATION_VERSION_PATCH "6")
 elseif (BUILD_PKI_OCSP)
     set(APPLICATION_FLAVOR_PKI_OCSP TRUE)
-    set(APPLICATION_VERSION_PATCH "4")
+    set(APPLICATION_VERSION_PATCH "5")
 elseif (BUILD_PKI_RA)
     set(APPLICATION_FLAVOR_PKI_RA TRUE)
     set(APPLICATION_VERSION_PATCH "3")
 elseif (BUILD_PKI_TKS)
     set(APPLICATION_FLAVOR_PKI_TKS TRUE)
-    set(APPLICATION_VERSION_PATCH "4")
+    set(APPLICATION_VERSION_PATCH "5")
 elseif (BUILD_PKI_TPS)
     set(APPLICATION_FLAVOR_PKI_TPS TRUE)
     # override APPLICATION VERSION
Index: pki/specs/pki-core.spec
===================================================================
--- pki/specs/pki-core.spec	(revision 2193)
+++ pki/specs/pki-core.spec	(working copy)
@@ -1,5 +1,5 @@
 Name:             pki-core
-Version:          9.0.12
+Version:          9.0.13
 Release:          1%{?dist}
 Summary:          Certificate System - PKI Core Components
 URL:              http://pki.fedoraproject.org/
@@ -32,6 +32,9 @@
 BuildRequires:    velocity
 BuildRequires:    xalan-j2
 BuildRequires:    xerces-j2
+%if 0%{?fedora} >= 16
+BuildRequires:    systemd-units
+%endif
 
 Source0:          http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
 
@@ -323,10 +326,17 @@
 Requires:         pki-ca-theme >= 9.0.0
 Requires:         pki-common = %{version}-%{release}
 Requires:         pki-selinux = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post):   systemd-units
+Requires(preun):  systemd-units
+Requires(postun): systemd-units
+%else 
 Requires(post):   chkconfig
 Requires(preun):  chkconfig
 Requires(preun):  initscripts
 Requires(postun): initscripts
+%endif
+
 %if 0%{?fedora} >= 15
 # Details:
 #
@@ -402,8 +412,9 @@
 %{__rm} symkey.jar
 %{__ln_s} symkey-%{version}.jar symkey.jar
 
+mkdir %{buildroot}%{_jnidir}
 cd %{buildroot}%{_jnidir}
-%{__rm} symkey.jar
+#%{__rm} symkey.jar
 %{__ln_s} %{_libdir}/symkey/symkey.jar symkey.jar
 
 %if 0%{?fedora} >= 15
@@ -420,7 +431,14 @@
 echo "D /var/run/pki/ca 0755 root root -"  >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
 %endif
 
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-cad
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
 
+
 %pre -n pki-selinux
 %saveFileContext targeted
 
@@ -442,8 +460,8 @@
      %relabel targeted
 fi
 
-
-%post -n pki-ca
+%if 0%{?fedora} < 16
+%post -n pki-ca 
 # This adds the proper /etc/rc*.d links for the script
 /sbin/chkconfig --add pki-cad || :
 
@@ -460,7 +478,25 @@
     /sbin/service pki-cad condrestart >/dev/null 2>&1 || :
 fi
 
+%else 
+%post -n pki-ca
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
 
+%preun -n pki-ca
+if [ $1 = 0 ] ; then
+    /bin/systemctl --no-reload disable pki-cad.target > /dev/null 2>&1 || :
+    /bin/systemctl stop pki-cad.target > /dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-ca
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+    /bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || :
+fi
+%endif
+
+
 %files -n pki-setup
 %defattr(-,root,root,-)
 %doc base/setup/LICENSE
@@ -469,8 +505,13 @@
 %dir %{_datadir}/pki
 %dir %{_datadir}/pki/scripts
 %{_datadir}/pki/scripts/pkicommon.pm
+%{_datadir}/pki/scripts/functions
+%{_datadir}/pki/scripts/pki_apache_initscript
 %dir %{_localstatedir}/lock/pki
 %dir %{_localstatedir}/run/pki
+%if 0%{?fedora} >= 16
+%{_bindir}/pkicontrol
+%endif
 
 
 %files -n pki-symkey
@@ -478,8 +519,8 @@
 %doc base/symkey/LICENSE
 %{_jnidir}/symkey.jar
 %{_libdir}/symkey/
+/usr/lib/java/symkey.jar
 
-
 %files -n pki-native-tools
 %defattr(-,root,root,-)
 %doc base/native-tools/LICENSE base/native-tools/doc/README
@@ -549,8 +590,6 @@
 %{_javadir}/pki/pki-cmsbundle.jar
 %{_javadir}/pki/pki-cmscore-%{version}.jar
 %{_javadir}/pki/pki-cmscore.jar
-%{_datadir}/pki/scripts/functions
-%{_datadir}/pki/scripts/pki_apache_initscript
 %{_datadir}/pki/setup/
 
 %files -n pki-common-javadoc
@@ -567,7 +606,13 @@
 %files -n pki-ca
 %defattr(-,root,root,-)
 %doc base/ca/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{_unitdir}/pki-cad  service
+%{_unitdir}/pki-cad.target
+%else 
 %{_initrddir}/pki-cad
+%endif
 %{_javadir}/pki/pki-ca-%{version}.jar
 %{_javadir}/pki/pki-ca.jar
 %dir %{_datadir}/pki/ca
@@ -599,6 +644,14 @@
 
 
 %changelog
+* Tue Sep 6 2011 Ade Lee <alee redhat com> 9.0.13-1
+- 'pki-setup'
+-      Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-ca'
+-      Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-common'
+-      Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
 * Tue Aug 23 2011 Matthew Harmsen <mharmsen redhat com> 9.0.12-1
 - 'pki-setup'
 -      Bugzilla Bug #712931 - CS requires too many ports
Index: pki/specs/pki-kra.spec
===================================================================
--- pki/specs/pki-kra.spec	(revision 2193)
+++ pki/specs/pki-kra.spec	(working copy)
@@ -1,5 +1,5 @@
 Name:             pki-kra
-Version:          9.0.5
+Version:          9.0.6
 Release:          1%{?dist}
 Summary:          Certificate System - Data Recovery Manager
 URL:              http://pki.fedoraproject.org/
@@ -18,15 +18,25 @@
 BuildRequires:    nss-devel
 BuildRequires:    pki-common
 BuildRequires:    pki-util
+%if 0%{?fedora} >= 16
+BuildRequires:    systemd-units
+%endif
 
 Requires:         java >= 1:1.6.0
 Requires:         pki-common
 Requires:         pki-kra-theme
 Requires:         pki-selinux
+%if 0%{?fedora} >= 16
+Requires(post):   systemd-units
+Requires(preun):  systemd-units
+Requires(postun): systemd-units
+%else 
 Requires(post):   chkconfig
 Requires(preun):  chkconfig
 Requires(preun):  initscripts
 Requires(postun): initscripts
+%endif
+
 %if 0%{?fedora} >= 15
 # Details:
 #
@@ -117,7 +127,14 @@
 echo "D /var/run/pki/kra 0755 root root -"  >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
 %endif
 
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-krad
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-krad.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
 
+%if 0%{?fedora} < 16
 %post
 # This adds the proper /etc/rc*.d links for the script
 /sbin/chkconfig --add pki-krad || :
@@ -134,12 +151,33 @@
 if [ "$1" -ge "1" ] ; then
     /sbin/service pki-krad condrestart >/dev/null 2>&1 || :
 fi
+%else
+%post
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ 
+%preun 
+if [ $1 = 0 ] ; then
+    /bin/systemctl --no-reload disable pki-krad.target > /dev/null 2>&1 || :
+    /bin/systemctl stop pki-krad.target > /dev/null 2>&1 || :
+fi
 
+%postun 
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+    /bin/systemctl try-restart pki-krad.target >/dev/null 2>&1 || :
+fi
+%endif
 
 %files
 %defattr(-,root,root,-)
 %doc base/kra/LICENSE
-%{_initrddir}/pki-krad
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-krad.target.wants
+%{_unitdir}/pki-krad  service
+%{_unitdir}/pki-krad.target
+%else 
+%{_initrddir}/pki-cad
+%endif
 %{_javadir}/pki/pki-kra-%{version}.jar
 %{_javadir}/pki/pki-kra.jar
 %dir %{_datadir}/pki/kra
@@ -159,6 +197,9 @@
 
 
 %changelog
+* Tue Sep 6 2011 Ade Lee <alee redhat com> 9.0.6-1
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
 * Tue Aug 23 2011 Ade Lee <alee redhat com> 9.0.5-1
 - Bugzilla Bug #712931 - CS requires too many ports
   to be open in the FW
Index: pki/specs/pki-tks.spec
===================================================================
--- pki/specs/pki-tks.spec	(revision 2193)
+++ pki/specs/pki-tks.spec	(working copy)
@@ -1,5 +1,5 @@
 Name:             pki-tks
-Version:          9.0.4
+Version:          9.0.5
 Release:          1%{?dist}
 Summary:          Certificate System - Token Key Service
 URL:              http://pki.fedoraproject.org/
@@ -18,15 +18,25 @@
 BuildRequires:    nss-devel
 BuildRequires:    pki-common
 BuildRequires:    pki-util
+%if 0%{?fedora} >= 16
+BuildRequires:    systemd-units
+%endif
 
 Requires:         java >= 1:1.6.0
 Requires:         pki-common
 Requires:         pki-selinux
 Requires:         pki-tks-theme
+%if 0%{?fedora} >= 16
+Requires(post):   systemd-units
+Requires(preun):  systemd-units
+Requires(postun): systemd-units
+%else 
 Requires(post):   chkconfig
 Requires(preun):  chkconfig
 Requires(preun):  initscripts
 Requires(postun): initscripts
+%endif
+
 %if 0%{?fedora} >= 15
 # Details:
 #
@@ -118,29 +128,56 @@
 echo "D /var/run/pki/tks 0755 root root -"  >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
 %endif
 
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-tksd
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tksd.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
 
+%if 0%{?fedora} < 16
 %post
 # This adds the proper /etc/rc*.d links for the script
 /sbin/chkconfig --add pki-tksd || :
 
-
 %preun
 if [ $1 = 0 ] ; then
     /sbin/service pki-tksd stop >/dev/null 2>&1
     /sbin/chkconfig --del pki-tksd || :
 fi
 
-
 %postun
 if [ "$1" -ge "1" ] ; then
     /sbin/service pki-tksd condrestart >/dev/null 2>&1 || :
 fi
+%else 
+%post 
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ 
+%preun
+if [ $1 = 0 ] ; then
+    /bin/systemctl --no-reload disable pki-tksd.target > /dev/null 2>&1 || :
+    /bin/systemctl stop pki-tksd.target > /dev/null 2>&1 || :
+fi
 
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+    /bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || :
+fi
+%endif
 
+
 %files
 %defattr(-,root,root,-)
 %doc base/tks/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-tksd.target.wants
+%{_unitdir}/pki-tksd  service
+%{_unitdir}/pki-tksd.target
+%else 
 %{_initrddir}/pki-tksd
+%endif
 %{_javadir}/pki/pki-tks-%{version}.jar
 %{_javadir}/pki/pki-tks.jar
 %dir %{_datadir}/pki/tks
@@ -160,6 +197,9 @@
 
 
 %changelog
+* Tue Sep 6 2011 Ade Lee <alee redhat com> 9.0.5-1
+- Bugzilla Bug #699809 - Convert CS to use systemd
+
 * Tue Aug 23 2011 Ade Lee <alee redhat com> 9.0.4-1
 - Bugzilla Bug #712931 - CS requires too many ports
   to be open in the FW
Index: pki/specs/pki-ocsp.spec
===================================================================
--- pki/specs/pki-ocsp.spec	(revision 2193)
+++ pki/specs/pki-ocsp.spec	(working copy)
@@ -1,5 +1,5 @@
 Name:             pki-ocsp
-Version:          9.0.4
+Version:          9.0.5
 Release:          1%{?dist}
 Summary:          Certificate System - Online Certificate Status Protocol Manager
 URL:              http://pki.fedoraproject.org/
@@ -18,15 +18,26 @@
 BuildRequires:    nss-devel
 BuildRequires:    pki-common
 BuildRequires:    pki-util
+%if 0%{?fedora} >= 16
+BuildRequires:    systemd-units
+%endif
 
 Requires:         java >= 1:1.6.0
 Requires:         pki-common
 Requires:         pki-ocsp-theme
 Requires:         pki-selinux
+
+%if 0%{?fedora} >= 16
+Requires(post):   systemd-units
+Requires(preun):  systemd-units
+Requires(postun): systemd-units
+%else 
 Requires(post):   chkconfig
 Requires(preun):  chkconfig
 Requires(preun):  initscripts
 Requires(postun): initscripts
+%endif
+
 %if 0%{?fedora} >= 15
 # Details:
 #
@@ -124,7 +135,14 @@
 echo "D /var/run/pki/ocsp 0755 root root -"  >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
 %endif
 
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-ocspd
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-ocspd.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
 
+%if 0%{?fedora} < 16
 %post
 # This adds the proper /etc/rc*.d links for the script
 /sbin/chkconfig --add pki-ocspd || :
@@ -142,11 +160,35 @@
     /sbin/service pki-ocspd condrestart >/dev/null 2>&1 || :
 fi
 
+%else 
+%post 
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ 
+%preun 
+if [ $1 = 0 ] ; then
+    /bin/systemctl --no-reload disable pki-ocspd.target > /dev/null 2>&1 || :
+    /bin/systemctl stop pki-ocspd.target > /dev/null 2>&1 || :
+fi
 
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+    /bin/systemctl try-restart pki-ocspd.target >/dev/null 2>&1 || :
+fi
+%endif
+
+
 %files
 %defattr(-,root,root,-)
 %doc base/ocsp/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-ocspd.target.wants
+%{_unitdir}/pki-ocspd  service
+%{_unitdir}/pki-ocspd.target
+%else 
 %{_initrddir}/pki-ocspd
+%endif
 %{_javadir}/pki/pki-ocsp-%{version}.jar
 %{_javadir}/pki/pki-ocsp.jar
 %dir %{_datadir}/pki/ocsp
@@ -166,6 +208,9 @@
 
 
 %changelog
+* Tue Sep 6 2011 Ade Lee <alee redhat com> 9.0.5-1
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
 * Tue Aug 23 2011 Ade Lee <alee redhat com> 9.0.4-1
 - Bugzilla Bug #712931 - CS requires too many ports
   to be open in the FW

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]