[Pki-devel] [PATCH] PKI Deployment Framework (20120716) ERRATA

Matthew Harmsen mharmsen at redhat.com
Thu Jul 19 08:57:28 UTC 2012


NOTE:  Due to the complexity of these patches, and as they are in the
midst of the review process, I would greatly appreciate it if no more
patches are applied to the 'master' until such time as all of these
patches may be checked in (to avoid any additional merge conflicts).

This patch documents continued implementation of the PKI Deployment 
Framework based upon the revised filesystem layout documented here:

    * http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS

This patch must be applied *AFTER* the following three patches (for 
convenience, all four patches have been attached to this email):

    * [Patch] Port 'tomcatjss' from Tomcat 6 to Tomcat 7 . . .
    * [PATCH] PKI Deployment Framework (20120716)
    * [PATCH] PKI Deployment Framework Admin Certificate PKCS12 File

The following patch adds/corrects functionality of the existing PKI 
Deployment Framework including (but not limited to):

    * In 'catalina.properties', removed commented out jars for each of
      the subsystems in the 'common.loader'
    * In 'server.xml', removed the line containing a '1'
    * Moved all parameters from the [Mandatory] and [Optional] sections
      of the 'pkideployment.cfg' file to other more appropriate sections
      (e.g. - [Common], [CA], [KRA], etc.),  and removed these sections
      and all of their associated logic from the 'pki-deploy' package
    * Resolved Dogtag TRAC Ticket #225
      Dogtag 10: Move "pkispawn"/"pkidestroy" logs
    * Removed all security domain references from external CA logic
    * Added new 'pki_subsystem_name' parameter to 'pkideployment.cfg'
      file, and applied logic throughout 'pki-deploy'
    * Added new error message in the case of an unset DNS domain name,
      and replaced the log message with a simple print in the case of a
      'domainname' exception

To test this patch, follow the procedure documented in "[PATCH] PKI 
Deployment Framework Admin Certificate PKCS12 File".

NOTE:  All patches listed above have been successfully tested on a
64-bit Fedora 17 host - there is one minor correction that will need to
be made to 'pkidestroy', as it failed to remove the instance directory
under '/var/log/pki'.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tomcatjss.diffs
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120719/b151f156/attachment.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0009-PKI-Deployment-Scriptlets.patch
Type: text/x-patch
Size: 458794 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120719/b151f156/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0010-PKI-Deployment-Scriptlets-Admin-Certificate-PKCS12-File.patch
Type: text/x-patch
Size: 27207 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120719/b151f156/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0011-PKI-Deployment-Scriptlets-20120716-Errata.patch
Type: text/x-patch
Size: 37289 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120719/b151f156/attachment-0002.bin>