[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension



On 1/7/2015 12:12 PM, Fraser Tweedale wrote:
1. The upgrade script will run automatically when you install the RPM.
There's no opt-out mechanism with automatic upgrade, so the behavior of
existing instances will change. If this is not what we want, we should not
add an upgrade script.

I defer to Christina in this.  If automatically turning on the
extension is not what customers want, we still want a way for them
to be able to do it easily.  Is there currently a way to leverage
the upgrade framework to do this?

Perhaps there is scope to declare upgrade modules as automatic
(executed when invoked via RPM) and manual (executed when invoked
manually).  Or something like that.

Yes, see this ticket:
https://fedorahosted.org/pki/ticket/1135

So the plan is to split structural and behavioral upgrade scripts. Structural upgrade is mandatory and executed automatically, while behavioral upgrade is optional. Your upgrade script seems to be a behavioral one. We probably can use the same upgrade framework, but the behavioral scripts will be put under a separate folder.

Also, since the script changes the CS.cfg, we should advise the admin to shutdown the server first to avoid corrupting the file. See:
https://fedorahosted.org/pki/ticket/1163

--
Endi S. Dewata


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]