[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension



On Wed, Jan 07, 2015 at 05:48:26PM +0700, Endi Sukma Dewata wrote:
> On 1/7/2015 12:12 PM, Fraser Tweedale wrote:
> >>1. The upgrade script will run automatically when you install the RPM.
> >>There's no opt-out mechanism with automatic upgrade, so the behavior of
> >>existing instances will change. If this is not what we want, we should not
> >>add an upgrade script.
> >>
> >I defer to Christina in this.  If automatically turning on the
> >extension is not what customers want, we still want a way for them
> >to be able to do it easily.  Is there currently a way to leverage
> >the upgrade framework to do this?
> >
> >Perhaps there is scope to declare upgrade modules as automatic
> >(executed when invoked via RPM) and manual (executed when invoked
> >manually).  Or something like that.
> 
> Yes, see this ticket:
> https://fedorahosted.org/pki/ticket/1135
> 
> So the plan is to split structural and behavioral upgrade scripts.
> Structural upgrade is mandatory and executed automatically, while behavioral
> upgrade is optional. Your upgrade script seems to be a behavioral one. We
> probably can use the same upgrade framework, but the behavioral scripts will
> be put under a separate folder.
> 
> Also, since the script changes the CS.cfg, we should advise the admin to
> shutdown the server first to avoid corrupting the file. See:
> https://fedorahosted.org/pki/ticket/1163
> 
I split the patch into the original part and the upgrade script,
pushed the original part (master: 9e8c518), created ticket #1236 to
cover the upgrade aspect and closed #1189.

So more work is needed before the CS.cfg update can happen in a safe
way (#1163 in particular)?  I see that those tickets are for 10.3.
This change is non-urgent (after all, noone has complained or
possibly even noticed that the configuration was non-conformant), so
I think it is fine to wait until enough of #1135 and/or #1163 is in
place so that we can do the upgrade safely.

> -- 
> Endi S. Dewata


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]