[Pki-devel] [PATCH] 0105 Add pki-server ca-cert-db-upgrade command

[Fraser Tweedale]

On Tue, May 10, 2016 at 02:42:52PM -0400, Ade Lee wrote:
> The patch itself is fine.
> 
> I'm just struggling with where this script should exist.
> 
> pki-server ca-cert-db-upgrade seems like an awfully generic description
> for this operation - which basically provides a very specific db
> migration.  For that matter, why not ca-db-upgrade?
> 
> What happens the next time someone needs to do a CA DB upgrade?
> I'm almost wondering if a separate pki-db tool is needed.
> 
> For that matter though, its possible that the database is quite large
> so attempting to do this automatically during upgrade is probably not
> advisable.
> 
What's the most certs you could imagine?  Perhaps some empirical
testing is warranted.

> Opening up for others to chime in ..
> 
> Ade
> 
> On Tue, 2016-05-10 at 08:32 +1000, Fraser Tweedale wrote:
> > On Mon, May 09, 2016 at 04:06:46PM -0400, Ade Lee wrote:
> > > Isn't all this predicated on a schema change that adds the issuer
> > > as an
> > > optional field for the certRecord?
> > > 
> > The schema already exists but was unused.
> > 
> > > Ade
> > > 
> > > On Mon, 2016-05-09 at 17:15 +1000, Fraser Tweedale wrote:
> > > > Hi all,
> > > > 
> > > > The following patch adds a pki-server subcommand for updating
> > > > certificate records to add the issuerName attribute.
> > > > 
> > > > It is for #1667 (Database upgrade script to add issuerName
> > > > attribute
> > > > to all cert entries).
> > > > 
> > > > Follow-up question: should I (and if so, how should I) also add
> > > > an
> > > > upgrade scriptlet to perform the upgrade for Dogtag CA subsystem
> > > > on
> > > > the host?  Is there a precedent for invoking pki-server (or
> > > > subroutines thereof) from pki-server-upgrade scriptlets?
> > > > 
> > > > Cheers,
> > > > Fraser
> > > > _______________________________________________
> > > > Pki-devel mailing list
> > > > Pki-devel at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/pki-devel