[Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension
Endi Sukma Dewata
edewata at redhat.com
Wed Jan 7 10:48:26 UTC 2015
On 1/7/2015 12:12 PM, Fraser Tweedale wrote:
>> 1. The upgrade script will run automatically when you install the RPM.
>> There's no opt-out mechanism with automatic upgrade, so the behavior of
>> existing instances will change. If this is not what we want, we should not
>> add an upgrade script.
>>
> I defer to Christina in this. If automatically turning on the
> extension is not what customers want, we still want a way for them
> to be able to do it easily. Is there currently a way to leverage
> the upgrade framework to do this?
>
> Perhaps there is scope to declare upgrade modules as automatic
> (executed when invoked via RPM) and manual (executed when invoked
> manually). Or something like that.
Yes, see this ticket:
https://fedorahosted.org/pki/ticket/1135
So the plan is to split structural and behavioral upgrade scripts.
Structural upgrade is mandatory and executed automatically, while
behavioral upgrade is optional. Your upgrade script seems to be a
behavioral one. We probably can use the same upgrade framework, but the
behavioral scripts will be put under a separate folder.
Also, since the script changes the CS.cfg, we should advise the admin to
shutdown the server first to avoid corrupting the file. See:
https://fedorahosted.org/pki/ticket/1163
--
Endi S. Dewata
More information about the Pki-devel
mailing list