[Pki-devel] [PATCH] 0105 Add pki-server ca-cert-db-upgrade command
Ade Lee
alee at redhat.com
Tue May 10 18:42:52 UTC 2016
The patch itself is fine.
I'm just struggling with where this script should exist.
pki-server ca-cert-db-upgrade seems like an awfully generic description
for this operation - which basically provides a very specific db
migration. For that matter, why not ca-db-upgrade?
What happens the next time someone needs to do a CA DB upgrade?
I'm almost wondering if a separate pki-db tool is needed.
For that matter though, its possible that the database is quite large
so attempting to do this automatically during upgrade is probably not
advisable.
Opening up for others to chime in ..
Ade
On Tue, 2016-05-10 at 08:32 +1000, Fraser Tweedale wrote:
> On Mon, May 09, 2016 at 04:06:46PM -0400, Ade Lee wrote:
> > Isn't all this predicated on a schema change that adds the issuer
> > as an
> > optional field for the certRecord?
> >
> The schema already exists but was unused.
>
> > Ade
> >
> > On Mon, 2016-05-09 at 17:15 +1000, Fraser Tweedale wrote:
> > > Hi all,
> > >
> > > The following patch adds a pki-server subcommand for updating
> > > certificate records to add the issuerName attribute.
> > >
> > > It is for #1667 (Database upgrade script to add issuerName
> > > attribute
> > > to all cert entries).
> > >
> > > Follow-up question: should I (and if so, how should I) also add
> > > an
> > > upgrade scriptlet to perform the upgrade for Dogtag CA subsystem
> > > on
> > > the host? Is there a precedent for invoking pki-server (or
> > > subroutines thereof) from pki-server-upgrade scriptlets?
> > >
> > > Cheers,
> > > Fraser
> > > _______________________________________________
> > > Pki-devel mailing list
> > > Pki-devel at redhat.com
> > > https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list