[Pki-devel] [PATCH] PKI Deployment Framework (20120716) ERRATA
Matthew Harmsen
mharmsen at redhat.com
Thu Jul 19 08:57:28 UTC 2012
*NOTE: Due to the complexity of these patches, and as they are in the
midst of the review process, I would greatly appreciate it if no more
patches are applied to
the 'master' until such time as all of these patches may be
checked in (to avoid any additional merge conflicts).
*
This patch documents continued implementation of the PKI Deployment
Framework based upon the revised filesystem layout documented here:
* http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS
This patch must be applied *AFTER* the following three patches (for
convenience, all four patches have been attached to this email):
* [Patch] Port 'tomcatjss' from Tomcat 6 to Tomcat 7 . . .
* [PATCH] PKI Deployment Framework (20120716)
* [PATCH] PKI Deployment Framework Admin Certificate PKCS12 File"
The following patch adds/corrects functionality of the existing PKI
Deployment Framework including (but not limited to):
* In 'catalina.properties', removed commented out jars for each of
the subsystems in the 'common.loader'
* In 'server.xml', removed the line containing a '1'
* Moved all parameters from the [Mandatory] and [Optional] sections
of the 'pkideployment.cfg' file to other more appropriate sections
(e.g. - [Common], [CA], [KRA], etc.), and removed these sections
and all of their associated logic from the 'pki-deploy' package
* Resolved Dogtag TRAC Ticket #225
Dogtag 10: Move "pkispawn"/"pkidestroy" logs
* Removed all security domain references from external CA logic
* Added new 'pki_subsystem_name' parameter to 'pkideployment.cfg'
file, and applied logic throughout 'pki-deploy'
* Added new error message in the case of an unset DNS domain name,
and replaced the log message with a simple print in the case of a
'domainname' exception
To test this patch, follow the procedure documented in "[PATCH] PKI
Deployment Framework Admin Certificate PKCS12 File".
NOTE: All patches listed above have been successfully tested on a
64-bit Fedora 17 host - there is one minor correct that will need to be
made to 'pkidestroy',
as it failed to remove the instance directory under '/var/log/pki'.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120719/b151f156/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tomcatjss.diffs
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120719/b151f156/attachment.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0009-PKI-Deployment-Scriptlets.patch
Type: text/x-patch
Size: 458794 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120719/b151f156/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0010-PKI-Deployment-Scriptlets-Admin-Certificate-PKCS12-File.patch
Type: text/x-patch
Size: 27207 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120719/b151f156/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0011-PKI-Deployment-Scriptlets-20120716-Errata.patch
Type: text/x-patch
Size: 37289 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120719/b151f156/attachment-0002.bin>
More information about the Pki-devel
mailing list