From cjbrown at mitre.org Tue Feb 3 14:19:15 2009 From: cjbrown at mitre.org (Brown, Chris) Date: Tue, 3 Feb 2009 09:19:15 -0500 Subject: [Pki-users] building dogtag Message-ID: I am trying to build dogtag from the latest SVN trunk using the default Fedora 8 installation. While running the build_pki script, I receive the following unmet dependencies: [exec] error: Failed build dependencies: [exec] java-devel >= 1.6.0 is needed by osutil-1.0.0-4.fc8.i386 [exec] nspr-devel >= 4.6.99 is needed by osutil-1.0.0-4.fc8.i386 [exec] nss-devel >= 3.12.0 is needed by osutil-1.0.0-4.fc8.i386 I've tried to update these rpms, but there are no updates available for Fedora 8. Should I upgrade to Federa 9 to get these packages? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3513 bytes Desc: not available URL: From sean.veale at gdc4s.com Tue Feb 3 14:26:10 2009 From: sean.veale at gdc4s.com (Veale, Sean) Date: Tue, 3 Feb 2009 09:26:10 -0500 Subject: [Pki-users] building dogtag In-Reply-To: References: Message-ID: I would check to see if you have later package installed (yes I know the message says >=). I found on a clean install of fedora 9 where I did a Yum upgrade on the system and then followed the build instructions I had problems with dependencies where the packkages being too new. I then had to uninstall the offending packages and thier dependencies. When I did a yum it picked up the right dependencies. I.e. the steps I did was rpm -q to see what I had. yum install check the log to see what errors I recieved. yum erases yum install as this would also pick up the depencies. Sean ________________________________ From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris Sent: Tuesday, February 03, 2009 9:19 AM To: pki-users at redhat.com Subject: [Pki-users] building dogtag I am trying to build dogtag from the latest SVN trunk using the default Fedora 8 installation. While running the build_pki script, I receive the following unmet dependencies: [exec] error: Failed build dependencies: [exec] java-devel >= 1.6.0 is needed by osutil-1.0.0-4.fc8.i386 [exec] nspr-devel >= 4.6.99 is needed by osutil-1.0.0-4.fc8.i386 [exec] nss-devel >= 3.12.0 is needed by osutil-1.0.0-4.fc8.i386 I've tried to update these rpms, but there are no updates available for Fedora 8. Should I upgrade to Federa 9 to get these packages? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From sean.veale at gdc4s.com Tue Feb 3 14:26:10 2009 From: sean.veale at gdc4s.com (Veale, Sean) Date: Tue, 3 Feb 2009 09:26:10 -0500 Subject: [Pki-users] building dogtag In-Reply-To: References: Message-ID: I would check to see if you have later package installed (yes I know the message says >=). I found on a clean install of fedora 9 where I did a Yum upgrade on the system and then followed the build instructions I had problems with dependencies where the packkages being too new. I then had to uninstall the offending packages and thier dependencies. When I did a yum it picked up the right dependencies. I.e. the steps I did was rpm -q to see what I had. yum install check the log to see what errors I recieved. yum erases yum install as this would also pick up the depencies. Sean ________________________________ From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris Sent: Tuesday, February 03, 2009 9:19 AM To: pki-users at redhat.com Subject: [Pki-users] building dogtag I am trying to build dogtag from the latest SVN trunk using the default Fedora 8 installation. While running the build_pki script, I receive the following unmet dependencies: [exec] error: Failed build dependencies: [exec] java-devel >= 1.6.0 is needed by osutil-1.0.0-4.fc8.i386 [exec] nspr-devel >= 4.6.99 is needed by osutil-1.0.0-4.fc8.i386 [exec] nss-devel >= 3.12.0 is needed by osutil-1.0.0-4.fc8.i386 I've tried to update these rpms, but there are no updates available for Fedora 8. Should I upgrade to Federa 9 to get these packages? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From cjbrown at mitre.org Tue Feb 3 15:20:56 2009 From: cjbrown at mitre.org (Brown, Chris) Date: Tue, 3 Feb 2009 10:20:56 -0500 Subject: [Pki-users] building dogtag In-Reply-To: References: Message-ID: I tried erasing and installing the offending packages, but the packages still were not at the right version: []sudo yum info nss-devel Installed Packages Name : nss-devel Arch : i386 Version: 3.11.7 Release: 10.fc8 Size : 950 k Repo : installed From: Veale, Sean [mailto:sean.veale at gdc4s.com] Sent: Tuesday, February 03, 2009 9:26 AM To: Brown, Chris; pki-users at redhat.com Subject: RE: [Pki-users] building dogtag I would check to see if you have later package installed (yes I know the message says >=). I found on a clean install of fedora 9 where I did a Yum upgrade on the system and then followed the build instructions I had problems with dependencies where the packkages being too new. I then had to uninstall the offending packages and thier dependencies. When I did a yum it picked up the right dependencies. I.e. the steps I did was rpm -q to see what I had. yum install check the log to see what errors I recieved. yum erases yum install as this would also pick up the depencies. Sean _____ From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris Sent: Tuesday, February 03, 2009 9:19 AM To: pki-users at redhat.com Subject: [Pki-users] building dogtag I am trying to build dogtag from the latest SVN trunk using the default Fedora 8 installation. While running the build_pki script, I receive the following unmet dependencies: [exec] error: Failed build dependencies: [exec] java-devel >= 1.6.0 is needed by osutil-1.0.0-4.fc8.i386 [exec] nspr-devel >= 4.6.99 is needed by osutil-1.0.0-4.fc8.i386 [exec] nss-devel >= 3.12.0 is needed by osutil-1.0.0-4.fc8.i386 I've tried to update these rpms, but there are no updates available for Fedora 8. Should I upgrade to Federa 9 to get these packages? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3513 bytes Desc: not available URL: From bob.lord at gmail.com Tue Feb 3 17:44:01 2009 From: bob.lord at gmail.com (Bob Lord) Date: Tue, 3 Feb 2009 09:44:01 -0800 Subject: [Pki-users] building dogtag In-Reply-To: References: Message-ID: Hi Sean, If you have not already done so, would you be able to update the wiki pages with your corrections/additions? /B On Tue, Feb 3, 2009 at 6:26 AM, Veale, Sean wrote: > I would check to see if you have later package installed (yes I know the > message says >=). I found on a clean install of fedora 9 where I did a Yum > upgrade on the system and then followed the build instructions I had > problems with dependencies where the packkages being too new. I then had to > uninstall the offending packages and thier dependencies. When I did a yum > it picked up the right dependencies. > > I.e. the steps I did was > > rpm -q to see what I had. > > yum install check the log to see what errors I recieved. > > yum erases > > yum install as this would also pick up the depencies. > > Sean > ________________________________ > From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On > Behalf Of Brown, Chris > Sent: Tuesday, February 03, 2009 9:19 AM > To: pki-users at redhat.com > Subject: [Pki-users] building dogtag > > I am trying to build dogtag from the latest SVN trunk using the default > Fedora 8 installation. While running the build_pki script, I receive the > following unmet dependencies: > > > > [exec] error: Failed build dependencies: > > [exec] java-devel >= 1.6.0 is needed by osutil-1.0.0-4.fc8.i386 > > [exec] nspr-devel >= 4.6.99 is needed by osutil-1.0.0-4.fc8.i386 > > [exec] nss-devel >= 3.12.0 is needed by osutil-1.0.0-4.fc8.i386 > > > > I've tried to update these rpms, but there are no updates available for > Fedora 8. Should I upgrade to Federa 9 to get these packages? Thanks > > > > > > > > > > > > > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > > From Jan.Meijer at uninett.no Wed Feb 4 10:25:55 2009 From: Jan.Meijer at uninett.no (Jan Meijer) Date: Wed, 4 Feb 2009 11:25:55 +0100 (CET) Subject: [Pki-users] Autoenrollment with Dogtag In-Reply-To: <20090120093550.E44F81A003A@smtp.hushmail.com> References: <20090120093550.E44F81A003A@smtp.hushmail.com> Message-ID: Hi Christoffer, On Tue, 20 Jan 2009, Christoffer Str?mblad wrote: > As part of a future project I will be implementing a PKI using > Dogtag. The company is interested in having autoenrollment > functionality for their Linux-desktops. From what I've read I seem > to find no indication that this functionality is provided. > > Is there a way to have a computer/user to be automatically provided > with a certificate upon "notice" through SCEP? What options are > available? I wouldn't know about SCEP but for my project I plan to use the CMCenroll functionality. You create a signed CMC request (signed by the certificate of an enrollment agent) using for example CMCEnroll (command line utility), ship that to the CA into the right certificate profile, and you get a certificate in return. I'm using intermediate software for the conversation with the CA though, I don't know if this would fit your purpose. Check the command line tools guide. http://www.redhat.com.mt/docs/manuals/cert-system/ -- Jan From cjbrown at mitre.org Wed Feb 4 18:33:02 2009 From: cjbrown at mitre.org (Brown, Chris) Date: Wed, 4 Feb 2009 13:33:02 -0500 Subject: [Pki-users] building dogtag References: Message-ID: I believe I've resolved my package versioning problems, but I've ran into another one. It seems while building the pki-selinux rpm, there's an error. Has anyone ever seen this? [echo] Completed creating 'pki-selinux' RPM directories. [echo] Building 'pki-selinux' RPMS and SRPMS ... [exec] Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.43161 [exec] + umask 022 [exec] + cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD [exec] + LANG=C [exec] + export LANG [exec] + unset DISPLAY [exec] + cd /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD [exec] + rm -rf pki-selinux-1.0.0 [exec] + /usr/bin/gzip -dc /home/chris/dogtag-src/release/pki/base/selinux/dist/source/pki-selinux-1.0. 0.tar.gz [exec] + tar -xf - [exec] + STATUS=0 [exec] + '[' 0 -ne 0 ']' [exec] + cd pki-selinux-1.0.0 [exec] ++ /usr/bin/id -u [exec] + '[' 500 = 0 ']' [exec] ++ /usr/bin/id -u [exec] + '[' 500 = 0 ']' [exec] + /bin/chmod -Rf a+rX,u+w,g-w,o-w . [exec] + exit 0 [exec] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.43161 [exec] + umask 022 [exec] + cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD [exec] + cd pki-selinux-1.0.0 [exec] + LANG=C [exec] + export LANG [exec] + unset DISPLAY [exec] + cd src [exec] + make [exec] if [ ! -e /usr/share/selinux/devel/Makefile ]; then echo "You need to install the SELinux development tools (selinux-policy-devel)" && exit 1; fi [exec] make -f /usr/share/selinux/devel/Makefile || exit 1; [exec] make[1]: Entering directory `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selin ux-1.0.0/src' [exec] Compiling mls pki module [exec] pki.te":15:ERROR 'syntax error' at token 'init_script_file' on line 4808: [exec] init_script_file(pki_ca_script_exec_t) [exec] #line 15 [exec] /usr/bin/checkmodule: error(s) encountered while parsing configuration [exec] /usr/bin/checkmodule: loading policy configuration from tmp/pki.tmp [exec] make[1]: *** [tmp/pki.mod] Error 1 [exec] make[1]: Leaving directory `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selin ux-1.0.0/src' [exec] [exec] [exec] RPM build errors: [exec] make: *** [all] Error 1 [exec] error: Bad exit status from /var/tmp/rpm-tmp.43161 (%build) [exec] Bad exit status from /var/tmp/rpm-tmp.43161 (%build) [exec] Result: 1 [echo] Completed building 'pki-selinux' RPMS and SRPMS. [echo] Removing various 'pki-selinux' RPM directories and files ... [delete] Deleting directory /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD [echo] Completed removing various 'pki-selinux' RPM directories and files. [echo] Completed generating 'pki-selinux' RPMS and SRPMS. From: Brown, Chris Sent: Tuesday, February 03, 2009 10:21 AM To: 'Veale, Sean'; pki-users at redhat.com Subject: RE: [Pki-users] building dogtag I tried erasing and installing the offending packages, but the packages still were not at the right version: []sudo yum info nss-devel Installed Packages Name : nss-devel Arch : i386 Version: 3.11.7 Release: 10.fc8 Size : 950 k Repo : installed From: Veale, Sean [mailto:sean.veale at gdc4s.com] Sent: Tuesday, February 03, 2009 9:26 AM To: Brown, Chris; pki-users at redhat.com Subject: RE: [Pki-users] building dogtag I would check to see if you have later package installed (yes I know the message says >=). I found on a clean install of fedora 9 where I did a Yum upgrade on the system and then followed the build instructions I had problems with dependencies where the packkages being too new. I then had to uninstall the offending packages and thier dependencies. When I did a yum it picked up the right dependencies. I.e. the steps I did was rpm -q to see what I had. yum install check the log to see what errors I recieved. yum erases yum install as this would also pick up the depencies. Sean _____ From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris Sent: Tuesday, February 03, 2009 9:19 AM To: pki-users at redhat.com Subject: [Pki-users] building dogtag I am trying to build dogtag from the latest SVN trunk using the default Fedora 8 installation. While running the build_pki script, I receive the following unmet dependencies: [exec] error: Failed build dependencies: [exec] java-devel >= 1.6.0 is needed by osutil-1.0.0-4.fc8.i386 [exec] nspr-devel >= 4.6.99 is needed by osutil-1.0.0-4.fc8.i386 [exec] nss-devel >= 3.12.0 is needed by osutil-1.0.0-4.fc8.i386 I've tried to update these rpms, but there are no updates available for Fedora 8. Should I upgrade to Federa 9 to get these packages? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3513 bytes Desc: not available URL: From sean.veale at gdc4s.com Wed Feb 4 19:23:25 2009 From: sean.veale at gdc4s.com (Veale, Sean) Date: Wed, 4 Feb 2009 14:23:25 -0500 Subject: [Pki-users] building dogtag In-Reply-To: References: Message-ID: I haven't but there has been a lot of activity recently on the pki-commits user group where a decent amount of changes have been checked in. Subscribe to PKI-commits to see that traffic pki-commits at redhat.com I would log a bug for this in the bugilliza database. http://pki.fedoraproject.org/wiki/PKI_Bugs#Bugzilla_Bug_Database Sean ________________________________ From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris Sent: Wednesday, February 04, 2009 1:33 PM To: pki-users at redhat.com Subject: RE: [Pki-users] building dogtag I believe I've resolved my package versioning problems, but I've ran into another one. It seems while building the pki-selinux rpm, there's an error. Has anyone ever seen this? [echo] Completed creating 'pki-selinux' RPM directories. [echo] Building 'pki-selinux' RPMS and SRPMS ... [exec] Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.43161 [exec] + umask 022 [exec] + cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD [exec] + LANG=C [exec] + export LANG [exec] + unset DISPLAY [exec] + cd /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD [exec] + rm -rf pki-selinux-1.0.0 [exec] + /usr/bin/gzip -dc /home/chris/dogtag-src/release/pki/base/selinux/dist/source/pki-selinux- 1.0.0.tar.gz [exec] + tar -xf - [exec] + STATUS=0 [exec] + '[' 0 -ne 0 ']' [exec] + cd pki-selinux-1.0.0 [exec] ++ /usr/bin/id -u [exec] + '[' 500 = 0 ']' [exec] ++ /usr/bin/id -u [exec] + '[' 500 = 0 ']' [exec] + /bin/chmod -Rf a+rX,u+w,g-w,o-w . [exec] + exit 0 [exec] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.43161 [exec] + umask 022 [exec] + cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD [exec] + cd pki-selinux-1.0.0 [exec] + LANG=C [exec] + export LANG [exec] + unset DISPLAY [exec] + cd src [exec] + make [exec] if [ ! -e /usr/share/selinux/devel/Makefile ]; then echo "You need to install the SELinux development tools (selinux-policy-devel)" && exit 1; fi [exec] make -f /usr/share/selinux/devel/Makefile || exit 1; [exec] make[1]: Entering directory `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-s elinux-1.0.0/src' [exec] Compiling mls pki module [exec] pki.te":15:ERROR 'syntax error' at token 'init_script_file' on line 4808: [exec] init_script_file(pki_ca_script_exec_t) [exec] #line 15 [exec] /usr/bin/checkmodule: error(s) encountered while parsing configuration [exec] /usr/bin/checkmodule: loading policy configuration from tmp/pki.tmp [exec] make[1]: *** [tmp/pki.mod] Error 1 [exec] make[1]: Leaving directory `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-s elinux-1.0.0/src' [exec] [exec] [exec] RPM build errors: [exec] make: *** [all] Error 1 [exec] error: Bad exit status from /var/tmp/rpm-tmp.43161 (%build) [exec] Bad exit status from /var/tmp/rpm-tmp.43161 (%build) [exec] Result: 1 [echo] Completed building 'pki-selinux' RPMS and SRPMS. [echo] Removing various 'pki-selinux' RPM directories and files ... [delete] Deleting directory /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD [echo] Completed removing various 'pki-selinux' RPM directories and files. [echo] Completed generating 'pki-selinux' RPMS and SRPMS. From: Brown, Chris Sent: Tuesday, February 03, 2009 10:21 AM To: 'Veale, Sean'; pki-users at redhat.com Subject: RE: [Pki-users] building dogtag I tried erasing and installing the offending packages, but the packages still were not at the right version: []sudo yum info nss-devel Installed Packages Name : nss-devel Arch : i386 Version: 3.11.7 Release: 10.fc8 Size : 950 k Repo : installed From: Veale, Sean [mailto:sean.veale at gdc4s.com] Sent: Tuesday, February 03, 2009 9:26 AM To: Brown, Chris; pki-users at redhat.com Subject: RE: [Pki-users] building dogtag I would check to see if you have later package installed (yes I know the message says >=). I found on a clean install of fedora 9 where I did a Yum upgrade on the system and then followed the build instructions I had problems with dependencies where the packkages being too new. I then had to uninstall the offending packages and thier dependencies. When I did a yum it picked up the right dependencies. I.e. the steps I did was rpm -q to see what I had. yum install check the log to see what errors I recieved. yum erases yum install as this would also pick up the depencies. Sean ________________________________ From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris Sent: Tuesday, February 03, 2009 9:19 AM To: pki-users at redhat.com Subject: [Pki-users] building dogtag I am trying to build dogtag from the latest SVN trunk using the default Fedora 8 installation. While running the build_pki script, I receive the following unmet dependencies: [exec] error: Failed build dependencies: [exec] java-devel >= 1.6.0 is needed by osutil-1.0.0-4.fc8.i386 [exec] nspr-devel >= 4.6.99 is needed by osutil-1.0.0-4.fc8.i386 [exec] nss-devel >= 3.12.0 is needed by osutil-1.0.0-4.fc8.i386 I've tried to update these rpms, but there are no updates available for Fedora 8. Should I upgrade to Federa 9 to get these packages? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From alee at redhat.com Wed Feb 4 19:49:52 2009 From: alee at redhat.com (Ade Lee) Date: Wed, 04 Feb 2009 14:49:52 -0500 Subject: [Pki-users] building dogtag In-Reply-To: References: Message-ID: <1233776993.14710.2.camel@localhost.localdomain> Someone has run into this. See the resolution at https://bugzilla.redhat.com/show_bug.cgi?id=483742 I will update the build dependencies in the next day or so. Ade On Wed, 2009-02-04 at 14:23 -0500, Veale, Sean wrote: > I haven't but there has been a lot of activity recently on the > pki-commits user group where a decent amount of changes have been > checked in. Subscribe to PKI-commits to see that traffic > > pki-commits at redhat.com > > I would log a bug for this in the bugilliza database. > http://pki.fedoraproject.org/wiki/PKI_Bugs#Bugzilla_Bug_Database > > Sean > > > > ______________________________________________________________________ > From: pki-users-bounces at redhat.com > [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris > Sent: Wednesday, February 04, 2009 1:33 PM > To: pki-users at redhat.com > Subject: RE: [Pki-users] building dogtag > > > > I believe I?ve resolved my package versioning problems, but I?ve ran > into another one. It seems while building the pki-selinux rpm, > there?s an error. Has anyone ever seen this? > > > > [echo] Completed creating 'pki-selinux' RPM directories. > > [echo] Building 'pki-selinux' RPMS and SRPMS ... > > [exec] Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.43161 > > [exec] + umask 022 > > [exec] + > cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD > > [exec] + LANG=C > > [exec] + export LANG > > [exec] + unset DISPLAY > > [exec] + > cd /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD > > [exec] + rm -rf pki-selinux-1.0.0 > > [exec] + /usr/bin/gzip > -dc /home/chris/dogtag-src/release/pki/base/selinux/dist/source/pki-selinux-1.0.0.tar.gz > > [exec] + tar -xf - > > [exec] + STATUS=0 > > [exec] + '[' 0 -ne 0 ']' > > [exec] + cd pki-selinux-1.0.0 > > [exec] ++ /usr/bin/id -u > > [exec] + '[' 500 = 0 ']' > > [exec] ++ /usr/bin/id -u > > [exec] + '[' 500 = 0 ']' > > [exec] + /bin/chmod -Rf a+rX,u+w,g-w,o-w . > > [exec] + exit 0 > > [exec] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.43161 > > [exec] + umask 022 > > [exec] + > cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD > > [exec] + cd pki-selinux-1.0.0 > > [exec] + LANG=C > > [exec] + export LANG > > [exec] + unset DISPLAY > > [exec] + cd src > > [exec] + make > > [exec] if [ ! -e /usr/share/selinux/devel/Makefile ]; then echo > "You need to install the SELinux development tools > (selinux-policy-devel)" && exit 1; fi > > [exec] make -f /usr/share/selinux/devel/Makefile || exit 1; > > [exec] make[1]: Entering directory > `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selinux-1.0.0/src' > > [exec] Compiling mls pki module > > [exec] pki.te":15:ERROR 'syntax error' at token > 'init_script_file' on line 4808: > > [exec] init_script_file(pki_ca_script_exec_t) > > [exec] #line 15 > > [exec] /usr/bin/checkmodule: error(s) encountered while parsing > configuration > > [exec] /usr/bin/checkmodule: loading policy configuration from > tmp/pki.tmp > > [exec] make[1]: *** [tmp/pki.mod] Error 1 > > [exec] make[1]: Leaving directory > `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selinux-1.0.0/src' > > [exec] > > [exec] > > [exec] RPM build errors: > > [exec] make: *** [all] Error 1 > > [exec] error: Bad exit status from /var/tmp/rpm-tmp.43161 (% > build) > > [exec] Bad exit status from /var/tmp/rpm-tmp.43161 (%build) > > [exec] Result: 1 > > [echo] Completed building 'pki-selinux' RPMS and SRPMS. > > [echo] Removing various 'pki-selinux' RPM directories and > files ... > > [delete] Deleting > directory /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD > > [echo] Completed removing various 'pki-selinux' RPM directories > and files. > > [echo] Completed generating 'pki-selinux' RPMS and SRPMS. > > > > > > > > > > From: Brown, Chris > Sent: Tuesday, February 03, 2009 10:21 AM > To: 'Veale, Sean'; pki-users at redhat.com > Subject: RE: [Pki-users] building dogtag > > > > > I tried erasing and installing the offending packages, but the > packages still were not at the right version: > > > > []sudo yum info nss-devel > > Installed Packages > > Name : nss-devel > > Arch : i386 > > Version: 3.11.7 > > Release: 10.fc8 > > Size : 950 k > > Repo : installed > > > > From: Veale, Sean [mailto:sean.veale at gdc4s.com] > Sent: Tuesday, February 03, 2009 9:26 AM > To: Brown, Chris; pki-users at redhat.com > Subject: RE: [Pki-users] building dogtag > > > > > I would check to see if you have later package installed (yes I know > the message says >=). I found on a clean install of fedora 9 where I > did a Yum upgrade on the system and then followed the build > instructions I had problems with dependencies where the packkages > being too new. I then had to uninstall the offending packages and > thier dependencies. When I did a yum it picked up the > right dependencies. > > > > I.e. the steps I did was > > > > rpm -q to see what I had. > > > > yum install check the log to see what errors I > recieved. > > > > yum erases > > > > yum install as this would also pick up the depencies. > > > > Sean > > > > > ______________________________________________________________________ > From: pki-users-bounces at redhat.com > [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris > Sent: Tuesday, February 03, 2009 9:19 AM > To: pki-users at redhat.com > Subject: [Pki-users] building dogtag > > I am trying to build dogtag from the latest SVN trunk using the > default Fedora 8 installation. While running the build_pki script, I > receive the following unmet dependencies: > > > > [exec] error: Failed build dependencies: > > [exec] java-devel >= 1.6.0 is needed by > osutil-1.0.0-4.fc8.i386 > > [exec] nspr-devel >= 4.6.99 is needed by > osutil-1.0.0-4.fc8.i386 > > [exec] nss-devel >= 3.12.0 is needed by > osutil-1.0.0-4.fc8.i386 > > > > I?ve tried to update these rpms, but there are no updates available > for Fedora 8. Should I upgrade to Federa 9 to get these packages? > Thanks > > > > > > > > > > > > > > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users From cjbrown at mitre.org Thu Feb 5 13:54:00 2009 From: cjbrown at mitre.org (Brown, Chris) Date: Thu, 5 Feb 2009 08:54:00 -0500 Subject: [Pki-users] building dogtag In-Reply-To: <1233776993.14710.2.camel@localhost.localdomain> References: <1233776993.14710.2.camel@localhost.localdomain> Message-ID: The bugfix mentions updating selinux-policy-devel to 2.4.6-203. I have selinux-policy-devel-3.3.1-42.fc9.noarchon my fedora 9 system. Should I really go back to the 2.4 version? -----Original Message----- From: Ade Lee [mailto:alee at redhat.com] Sent: Wednesday, February 04, 2009 2:50 PM To: Veale, Sean Cc: Brown, Chris; pki-users at redhat.com Subject: RE: [Pki-users] building dogtag Someone has run into this. See the resolution at https://bugzilla.redhat.com/show_bug.cgi?id=483742 I will update the build dependencies in the next day or so. Ade On Wed, 2009-02-04 at 14:23 -0500, Veale, Sean wrote: > I haven't but there has been a lot of activity recently on the > pki-commits user group where a decent amount of changes have been > checked in. Subscribe to PKI-commits to see that traffic > > pki-commits at redhat.com > > I would log a bug for this in the bugilliza database. > http://pki.fedoraproject.org/wiki/PKI_Bugs#Bugzilla_Bug_Database > > Sean > > > > ______________________________________________________________________ > From: pki-users-bounces at redhat.com > [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris > Sent: Wednesday, February 04, 2009 1:33 PM > To: pki-users at redhat.com > Subject: RE: [Pki-users] building dogtag > > > > I believe I?ve resolved my package versioning problems, but I?ve ran > into another one. It seems while building the pki-selinux rpm, > there?s an error. Has anyone ever seen this? > > > > [echo] Completed creating 'pki-selinux' RPM directories. > > [echo] Building 'pki-selinux' RPMS and SRPMS ... > > [exec] Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.43161 > > [exec] + umask 022 > > [exec] + > cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD > > [exec] + LANG=C > > [exec] + export LANG > > [exec] + unset DISPLAY > > [exec] + > cd /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD > > [exec] + rm -rf pki-selinux-1.0.0 > > [exec] + /usr/bin/gzip > -dc /home/chris/dogtag-src/release/pki/base/selinux/dist/source/pki-selinux-1.0.0.tar.gz > > [exec] + tar -xf - > > [exec] + STATUS=0 > > [exec] + '[' 0 -ne 0 ']' > > [exec] + cd pki-selinux-1.0.0 > > [exec] ++ /usr/bin/id -u > > [exec] + '[' 500 = 0 ']' > > [exec] ++ /usr/bin/id -u > > [exec] + '[' 500 = 0 ']' > > [exec] + /bin/chmod -Rf a+rX,u+w,g-w,o-w . > > [exec] + exit 0 > > [exec] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.43161 > > [exec] + umask 022 > > [exec] + > cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD > > [exec] + cd pki-selinux-1.0.0 > > [exec] + LANG=C > > [exec] + export LANG > > [exec] + unset DISPLAY > > [exec] + cd src > > [exec] + make > > [exec] if [ ! -e /usr/share/selinux/devel/Makefile ]; then echo > "You need to install the SELinux development tools > (selinux-policy-devel)" && exit 1; fi > > [exec] make -f /usr/share/selinux/devel/Makefile || exit 1; > > [exec] make[1]: Entering directory > `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selinux-1.0.0/src' > > [exec] Compiling mls pki module > > [exec] pki.te":15:ERROR 'syntax error' at token > 'init_script_file' on line 4808: > > [exec] init_script_file(pki_ca_script_exec_t) > > [exec] #line 15 > > [exec] /usr/bin/checkmodule: error(s) encountered while parsing > configuration > > [exec] /usr/bin/checkmodule: loading policy configuration from > tmp/pki.tmp > > [exec] make[1]: *** [tmp/pki.mod] Error 1 > > [exec] make[1]: Leaving directory > `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selinux-1.0.0/src' > > [exec] > > [exec] > > [exec] RPM build errors: > > [exec] make: *** [all] Error 1 > > [exec] error: Bad exit status from /var/tmp/rpm-tmp.43161 (% > build) > > [exec] Bad exit status from /var/tmp/rpm-tmp.43161 (%build) > > [exec] Result: 1 > > [echo] Completed building 'pki-selinux' RPMS and SRPMS. > > [echo] Removing various 'pki-selinux' RPM directories and > files ... > > [delete] Deleting > directory /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD > > [echo] Completed removing various 'pki-selinux' RPM directories > and files. > > [echo] Completed generating 'pki-selinux' RPMS and SRPMS. > > > > > > > > > > From: Brown, Chris > Sent: Tuesday, February 03, 2009 10:21 AM > To: 'Veale, Sean'; pki-users at redhat.com > Subject: RE: [Pki-users] building dogtag > > > > > I tried erasing and installing the offending packages, but the > packages still were not at the right version: > > > > []sudo yum info nss-devel > > Installed Packages > > Name : nss-devel > > Arch : i386 > > Version: 3.11.7 > > Release: 10.fc8 > > Size : 950 k > > Repo : installed > > > > From: Veale, Sean [mailto:sean.veale at gdc4s.com] > Sent: Tuesday, February 03, 2009 9:26 AM > To: Brown, Chris; pki-users at redhat.com > Subject: RE: [Pki-users] building dogtag > > > > > I would check to see if you have later package installed (yes I know > the message says >=). I found on a clean install of fedora 9 where I > did a Yum upgrade on the system and then followed the build > instructions I had problems with dependencies where the packkages > being too new. I then had to uninstall the offending packages and > thier dependencies. When I did a yum it picked up the > right dependencies. > > > > I.e. the steps I did was > > > > rpm -q to see what I had. > > > > yum install check the log to see what errors I > recieved. > > > > yum erases > > > > yum install as this would also pick up the depencies. > > > > Sean > > > > > ______________________________________________________________________ > From: pki-users-bounces at redhat.com > [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris > Sent: Tuesday, February 03, 2009 9:19 AM > To: pki-users at redhat.com > Subject: [Pki-users] building dogtag > > I am trying to build dogtag from the latest SVN trunk using the > default Fedora 8 installation. While running the build_pki script, I > receive the following unmet dependencies: > > > > [exec] error: Failed build dependencies: > > [exec] java-devel >= 1.6.0 is needed by > osutil-1.0.0-4.fc8.i386 > > [exec] nspr-devel >= 4.6.99 is needed by > osutil-1.0.0-4.fc8.i386 > > [exec] nss-devel >= 3.12.0 is needed by > osutil-1.0.0-4.fc8.i386 > > > > I?ve tried to update these rpms, but there are no updates available > for Fedora 8. Should I upgrade to Federa 9 to get these packages? > Thanks > > > > > > > > > > > > > > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3513 bytes Desc: not available URL: From alee at redhat.com Thu Feb 5 14:46:17 2009 From: alee at redhat.com (Ade Lee) Date: Thu, 05 Feb 2009 09:46:17 -0500 Subject: [Pki-users] building dogtag In-Reply-To: References: <1233776993.14710.2.camel@localhost.localdomain> Message-ID: <1233845177.14710.8.camel@localhost.localdomain> No, that is the version for fedora 8. Please update to the latest version on Fedora 9 - which is something close to 3.3.1-118 I believe. Ade On Thu, 2009-02-05 at 08:54 -0500, Brown, Chris wrote: > The bugfix mentions updating selinux-policy-devel to 2.4.6-203. I have selinux-policy-devel-3.3.1-42.fc9.noarchon my fedora 9 system. Should I really go back to the 2.4 version? > > -----Original Message----- > From: Ade Lee [mailto:alee at redhat.com] > Sent: Wednesday, February 04, 2009 2:50 PM > To: Veale, Sean > Cc: Brown, Chris; pki-users at redhat.com > Subject: RE: [Pki-users] building dogtag > > Someone has run into this. See the resolution at > https://bugzilla.redhat.com/show_bug.cgi?id=483742 > > I will update the build dependencies in the next day or so. > > Ade > > On Wed, 2009-02-04 at 14:23 -0500, Veale, Sean wrote: > > I haven't but there has been a lot of activity recently on the > > pki-commits user group where a decent amount of changes have been > > checked in. Subscribe to PKI-commits to see that traffic > > > > pki-commits at redhat.com > > > > I would log a bug for this in the bugilliza database. > > http://pki.fedoraproject.org/wiki/PKI_Bugs#Bugzilla_Bug_Database > > > > Sean > > > > > > > > ______________________________________________________________________ > > From: pki-users-bounces at redhat.com > > [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris > > Sent: Wednesday, February 04, 2009 1:33 PM > > To: pki-users at redhat.com > > Subject: RE: [Pki-users] building dogtag > > > > > > > > I believe I?ve resolved my package versioning problems, but I?ve ran > > into another one. It seems while building the pki-selinux rpm, > > there?s an error. Has anyone ever seen this? > > > > > > > > [echo] Completed creating 'pki-selinux' RPM directories. > > > > [echo] Building 'pki-selinux' RPMS and SRPMS ... > > > > [exec] Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.43161 > > > > [exec] + umask 022 > > > > [exec] + > > cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD > > > > [exec] + LANG=C > > > > [exec] + export LANG > > > > [exec] + unset DISPLAY > > > > [exec] + > > cd /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD > > > > [exec] + rm -rf pki-selinux-1.0.0 > > > > [exec] + /usr/bin/gzip > > -dc /home/chris/dogtag-src/release/pki/base/selinux/dist/source/pki-selinux-1.0.0.tar.gz > > > > [exec] + tar -xf - > > > > [exec] + STATUS=0 > > > > [exec] + '[' 0 -ne 0 ']' > > > > [exec] + cd pki-selinux-1.0.0 > > > > [exec] ++ /usr/bin/id -u > > > > [exec] + '[' 500 = 0 ']' > > > > [exec] ++ /usr/bin/id -u > > > > [exec] + '[' 500 = 0 ']' > > > > [exec] + /bin/chmod -Rf a+rX,u+w,g-w,o-w . > > > > [exec] + exit 0 > > > > [exec] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.43161 > > > > [exec] + umask 022 > > > > [exec] + > > cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD > > > > [exec] + cd pki-selinux-1.0.0 > > > > [exec] + LANG=C > > > > [exec] + export LANG > > > > [exec] + unset DISPLAY > > > > [exec] + cd src > > > > [exec] + make > > > > [exec] if [ ! -e /usr/share/selinux/devel/Makefile ]; then echo > > "You need to install the SELinux development tools > > (selinux-policy-devel)" && exit 1; fi > > > > [exec] make -f /usr/share/selinux/devel/Makefile || exit 1; > > > > [exec] make[1]: Entering directory > > `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selinux-1.0.0/src' > > > > [exec] Compiling mls pki module > > > > [exec] pki.te":15:ERROR 'syntax error' at token > > 'init_script_file' on line 4808: > > > > [exec] init_script_file(pki_ca_script_exec_t) > > > > [exec] #line 15 > > > > [exec] /usr/bin/checkmodule: error(s) encountered while parsing > > configuration > > > > [exec] /usr/bin/checkmodule: loading policy configuration from > > tmp/pki.tmp > > > > [exec] make[1]: *** [tmp/pki.mod] Error 1 > > > > [exec] make[1]: Leaving directory > > `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selinux-1.0.0/src' > > > > [exec] > > > > [exec] > > > > [exec] RPM build errors: > > > > [exec] make: *** [all] Error 1 > > > > [exec] error: Bad exit status from /var/tmp/rpm-tmp.43161 (% > > build) > > > > [exec] Bad exit status from /var/tmp/rpm-tmp.43161 (%build) > > > > [exec] Result: 1 > > > > [echo] Completed building 'pki-selinux' RPMS and SRPMS. > > > > [echo] Removing various 'pki-selinux' RPM directories and > > files ... > > > > [delete] Deleting > > directory /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD > > > > [echo] Completed removing various 'pki-selinux' RPM directories > > and files. > > > > [echo] Completed generating 'pki-selinux' RPMS and SRPMS. > > > > > > > > > > > > > > > > > > > > From: Brown, Chris > > Sent: Tuesday, February 03, 2009 10:21 AM > > To: 'Veale, Sean'; pki-users at redhat.com > > Subject: RE: [Pki-users] building dogtag > > > > > > > > > > I tried erasing and installing the offending packages, but the > > packages still were not at the right version: > > > > > > > > []sudo yum info nss-devel > > > > Installed Packages > > > > Name : nss-devel > > > > Arch : i386 > > > > Version: 3.11.7 > > > > Release: 10.fc8 > > > > Size : 950 k > > > > Repo : installed > > > > > > > > From: Veale, Sean [mailto:sean.veale at gdc4s.com] > > Sent: Tuesday, February 03, 2009 9:26 AM > > To: Brown, Chris; pki-users at redhat.com > > Subject: RE: [Pki-users] building dogtag > > > > > > > > > > I would check to see if you have later package installed (yes I know > > the message says >=). I found on a clean install of fedora 9 where I > > did a Yum upgrade on the system and then followed the build > > instructions I had problems with dependencies where the packkages > > being too new. I then had to uninstall the offending packages and > > thier dependencies. When I did a yum it picked up the > > right dependencies. > > > > > > > > I.e. the steps I did was > > > > > > > > rpm -q to see what I had. > > > > > > > > yum install check the log to see what errors I > > recieved. > > > > > > > > yum erases > > > > > > > > yum install as this would also pick up the depencies. > > > > > > > > Sean > > > > > > > > > > ______________________________________________________________________ > > From: pki-users-bounces at redhat.com > > [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris > > Sent: Tuesday, February 03, 2009 9:19 AM > > To: pki-users at redhat.com > > Subject: [Pki-users] building dogtag > > > > I am trying to build dogtag from the latest SVN trunk using the > > default Fedora 8 installation. While running the build_pki script, I > > receive the following unmet dependencies: > > > > > > > > [exec] error: Failed build dependencies: > > > > [exec] java-devel >= 1.6.0 is needed by > > osutil-1.0.0-4.fc8.i386 > > > > [exec] nspr-devel >= 4.6.99 is needed by > > osutil-1.0.0-4.fc8.i386 > > > > [exec] nss-devel >= 3.12.0 is needed by > > osutil-1.0.0-4.fc8.i386 > > > > > > > > I?ve tried to update these rpms, but there are no updates available > > for Fedora 8. Should I upgrade to Federa 9 to get these packages? > > Thanks > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > From cjbrown at mitre.org Fri Feb 6 12:23:41 2009 From: cjbrown at mitre.org (Brown, Chris) Date: Fri, 6 Feb 2009 07:23:41 -0500 Subject: [Pki-users] building dogtag In-Reply-To: <1233845177.14710.8.camel@localhost.localdomain> References: <1233776993.14710.2.camel@localhost.localdomain> <1233845177.14710.8.camel@localhost.localdomain> Message-ID: Thanks. That worked. -----Original Message----- From: Ade Lee [mailto:alee at redhat.com] Sent: Thursday, February 05, 2009 9:46 AM To: Brown, Chris Cc: Veale, Sean; pki-users at redhat.com Subject: RE: [Pki-users] building dogtag No, that is the version for fedora 8. Please update to the latest version on Fedora 9 - which is something close to 3.3.1-118 I believe. Ade On Thu, 2009-02-05 at 08:54 -0500, Brown, Chris wrote: > The bugfix mentions updating selinux-policy-devel to 2.4.6-203. I have selinux-policy-devel-3.3.1-42.fc9.noarchon my fedora 9 system. Should I really go back to the 2.4 version? > > -----Original Message----- > From: Ade Lee [mailto:alee at redhat.com] > Sent: Wednesday, February 04, 2009 2:50 PM > To: Veale, Sean > Cc: Brown, Chris; pki-users at redhat.com > Subject: RE: [Pki-users] building dogtag > > Someone has run into this. See the resolution at > https://bugzilla.redhat.com/show_bug.cgi?id=483742 > > I will update the build dependencies in the next day or so. > > Ade > > On Wed, 2009-02-04 at 14:23 -0500, Veale, Sean wrote: > > I haven't but there has been a lot of activity recently on the > > pki-commits user group where a decent amount of changes have been > > checked in. Subscribe to PKI-commits to see that traffic > > > > pki-commits at redhat.com > > > > I would log a bug for this in the bugilliza database. > > http://pki.fedoraproject.org/wiki/PKI_Bugs#Bugzilla_Bug_Database > > > > Sean > > > > > > > > ______________________________________________________________________ > > From: pki-users-bounces at redhat.com > > [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris > > Sent: Wednesday, February 04, 2009 1:33 PM > > To: pki-users at redhat.com > > Subject: RE: [Pki-users] building dogtag > > > > > > > > I believe I?ve resolved my package versioning problems, but I?ve ran > > into another one. It seems while building the pki-selinux rpm, > > there?s an error. Has anyone ever seen this? > > > > > > > > [echo] Completed creating 'pki-selinux' RPM directories. > > > > [echo] Building 'pki-selinux' RPMS and SRPMS ... > > > > [exec] Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.43161 > > > > [exec] + umask 022 > > > > [exec] + > > cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD > > > > [exec] + LANG=C > > > > [exec] + export LANG > > > > [exec] + unset DISPLAY > > > > [exec] + > > cd /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD > > > > [exec] + rm -rf pki-selinux-1.0.0 > > > > [exec] + /usr/bin/gzip > > -dc /home/chris/dogtag-src/release/pki/base/selinux/dist/source/pki-selinux-1.0.0.tar.gz > > > > [exec] + tar -xf - > > > > [exec] + STATUS=0 > > > > [exec] + '[' 0 -ne 0 ']' > > > > [exec] + cd pki-selinux-1.0.0 > > > > [exec] ++ /usr/bin/id -u > > > > [exec] + '[' 500 = 0 ']' > > > > [exec] ++ /usr/bin/id -u > > > > [exec] + '[' 500 = 0 ']' > > > > [exec] + /bin/chmod -Rf a+rX,u+w,g-w,o-w . > > > > [exec] + exit 0 > > > > [exec] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.43161 > > > > [exec] + umask 022 > > > > [exec] + > > cd /home/chris/dogtag-src/release/pki/base/selinux/./dist/rpmpkg/BUILD > > > > [exec] + cd pki-selinux-1.0.0 > > > > [exec] + LANG=C > > > > [exec] + export LANG > > > > [exec] + unset DISPLAY > > > > [exec] + cd src > > > > [exec] + make > > > > [exec] if [ ! -e /usr/share/selinux/devel/Makefile ]; then echo > > "You need to install the SELinux development tools > > (selinux-policy-devel)" && exit 1; fi > > > > [exec] make -f /usr/share/selinux/devel/Makefile || exit 1; > > > > [exec] make[1]: Entering directory > > `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selinux-1.0.0/src' > > > > [exec] Compiling mls pki module > > > > [exec] pki.te":15:ERROR 'syntax error' at token > > 'init_script_file' on line 4808: > > > > [exec] init_script_file(pki_ca_script_exec_t) > > > > [exec] #line 15 > > > > [exec] /usr/bin/checkmodule: error(s) encountered while parsing > > configuration > > > > [exec] /usr/bin/checkmodule: loading policy configuration from > > tmp/pki.tmp > > > > [exec] make[1]: *** [tmp/pki.mod] Error 1 > > > > [exec] make[1]: Leaving directory > > `/home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD/pki-selinux-1.0.0/src' > > > > [exec] > > > > [exec] > > > > [exec] RPM build errors: > > > > [exec] make: *** [all] Error 1 > > > > [exec] error: Bad exit status from /var/tmp/rpm-tmp.43161 (% > > build) > > > > [exec] Bad exit status from /var/tmp/rpm-tmp.43161 (%build) > > > > [exec] Result: 1 > > > > [echo] Completed building 'pki-selinux' RPMS and SRPMS. > > > > [echo] Removing various 'pki-selinux' RPM directories and > > files ... > > > > [delete] Deleting > > directory /home/chris/dogtag-src/release/pki/base/selinux/dist/rpmpkg/BUILD > > > > [echo] Completed removing various 'pki-selinux' RPM directories > > and files. > > > > [echo] Completed generating 'pki-selinux' RPMS and SRPMS. > > > > > > > > > > > > > > > > > > > > From: Brown, Chris > > Sent: Tuesday, February 03, 2009 10:21 AM > > To: 'Veale, Sean'; pki-users at redhat.com > > Subject: RE: [Pki-users] building dogtag > > > > > > > > > > I tried erasing and installing the offending packages, but the > > packages still were not at the right version: > > > > > > > > []sudo yum info nss-devel > > > > Installed Packages > > > > Name : nss-devel > > > > Arch : i386 > > > > Version: 3.11.7 > > > > Release: 10.fc8 > > > > Size : 950 k > > > > Repo : installed > > > > > > > > From: Veale, Sean [mailto:sean.veale at gdc4s.com] > > Sent: Tuesday, February 03, 2009 9:26 AM > > To: Brown, Chris; pki-users at redhat.com > > Subject: RE: [Pki-users] building dogtag > > > > > > > > > > I would check to see if you have later package installed (yes I know > > the message says >=). I found on a clean install of fedora 9 where I > > did a Yum upgrade on the system and then followed the build > > instructions I had problems with dependencies where the packkages > > being too new. I then had to uninstall the offending packages and > > thier dependencies. When I did a yum it picked up the > > right dependencies. > > > > > > > > I.e. the steps I did was > > > > > > > > rpm -q to see what I had. > > > > > > > > yum install check the log to see what errors I > > recieved. > > > > > > > > yum erases > > > > > > > > yum install as this would also pick up the depencies. > > > > > > > > Sean > > > > > > > > > > ______________________________________________________________________ > > From: pki-users-bounces at redhat.com > > [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris > > Sent: Tuesday, February 03, 2009 9:19 AM > > To: pki-users at redhat.com > > Subject: [Pki-users] building dogtag > > > > I am trying to build dogtag from the latest SVN trunk using the > > default Fedora 8 installation. While running the build_pki script, I > > receive the following unmet dependencies: > > > > > > > > [exec] error: Failed build dependencies: > > > > [exec] java-devel >= 1.6.0 is needed by > > osutil-1.0.0-4.fc8.i386 > > > > [exec] nspr-devel >= 4.6.99 is needed by > > osutil-1.0.0-4.fc8.i386 > > > > [exec] nss-devel >= 3.12.0 is needed by > > osutil-1.0.0-4.fc8.i386 > > > > > > > > I?ve tried to update these rpms, but there are no updates available > > for Fedora 8. Should I upgrade to Federa 9 to get these packages? > > Thanks > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3513 bytes Desc: not available URL: From sean.veale at gdc4s.com Mon Feb 9 20:02:00 2009 From: sean.veale at gdc4s.com (Veale, Sean) Date: Mon, 9 Feb 2009 15:02:00 -0500 Subject: [Pki-users] ESC modification questions Message-ID: I've noticed the TPS servers html pages (which seem to be located in the default 7.3 install at var/lib/pki-tps/docRoot/esc to handle the enrollment of a token so that flow can easily be modified. The question I have is their a way to disable user functionallity in the esc so some actions are not possible (i.e) formating a card? And if so how? Thanks Sean -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmagne at redhat.com Mon Feb 9 22:36:24 2009 From: jmagne at redhat.com (Jack Magne) Date: Mon, 09 Feb 2009 14:36:24 -0800 Subject: [Pki-users] ESC modification questions In-Reply-To: References: Message-ID: <4990AFE8.5020306@redhat.com> Sean: The external UI served by TPS is easily modifiable, while the local UI that ESC uses to perform tasks such as pin-reset and format is written in XUL and is part of the ESC distribution. Veale, Sean wrote: > > I've noticed the TPS servers html pages (which seem to be located in > the default 7.3 install at var/lib/pki-tps/docRoot/esc to handle the > enrollment of a token so that flow can easily be modified. > > The question I have is their a way to disable user functionallity in > the esc so some actions are not possible (i.e) formating a card? And > if so how? > > Thanks > Sean > > ------------------------------------------------------------------------ > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From cjbrown at mitre.org Thu Feb 12 16:23:39 2009 From: cjbrown at mitre.org (Brown, Chris) Date: Thu, 12 Feb 2009 11:23:39 -0500 Subject: [Pki-users] multi-valued attribute rdn Message-ID: Are multi-valued attribute distinguished names supported? Something like: cn=Jon Smith+uid=123456,ou=Accounting,o=Some Org,c=US -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3513 bytes Desc: not available URL: From alee at redhat.com Thu Feb 12 16:34:56 2009 From: alee at redhat.com (Ade Lee) Date: Thu, 12 Feb 2009 11:34:56 -0500 Subject: [Pki-users] multi-valued attribute rdn In-Reply-To: References: Message-ID: <1234456496.22903.88.camel@localhost.localdomain> Probably not currently. But your question is timely, as I'm working on a fix to allow special characters like ,+;" to be escaped by the server. You may be able to get your request accepted by escaping the + using a "\" , but there is no guarantee that everything will work - and that you will be able to (for example) search for the issued certificate. Ade On Thu, 2009-02-12 at 11:23 -0500, Brown, Chris wrote: > Are multi-valued attribute distinguished names supported? Something > like: > > > > cn=Jon Smith+uid=123456,ou=Accounting,o=Some Org,c=US > > > > > > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users From ide4you at gmail.com Sat Feb 7 18:25:14 2009 From: ide4you at gmail.com (Uzor Ide) Date: Sat, 7 Feb 2009 13:25:14 -0500 Subject: [Pki-users] CA Setup Wizard cannot create new Security Domain Message-ID: <5ef5c0c60902071025g2a1aa9b0ndf587199ece3bb0@mail.gmail.com> Hi I am evaluating the dogcat certificate server for use in our company. My problem is that I am running into the Bug 441974 issue. I do not however have any tomcat5-native rpm and have tried changing the C LANG from CA to C but still have the problem. This is a fedora 9 system rpm -qa | grep tomcat5 tomcat5-jasper-5.5.27-0jpp.2.fc9.i386 tomcat5-5.5.27-0jpp.2.fc9.i386 jakarta-commons-dbcp-tomcat5-1.2.1-11jpp.3.fc9.i386 tomcat5-jsp-2.0-api-5.5.27-0jpp.2.fc9.i386 tomcat5-servlet-2.4-api-5.5.27-0jpp.2.fc9.i386 jakarta-commons-pool-tomcat5-1.3-10jpp.3.fc9.i386 tomcat5-server-lib-5.5.27-0jpp.2.fc9.i386 jakarta-commons-collections-tomcat5-3.2-2jpp.2.fc9.i386 tomcat5-common-lib-5.5.27-0jpp.2.fc9.i386 cat /etc/sysconfig/i18n LANG="C" SYSFONT="latarcyrheb-sun16" Below is the pki-ca log debug [07/Feb/2009:07:31:14][main]: CMS:Caught EBaseException Failed to create jss service: org.mozilla.jss.CryptoManager$NotInitializedException at com.netscape.cmscore.security.JssSubsystem.init(JssSubsystem.java:252) at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:732) at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:661) at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:276) at com.netscape.certsrv.apps.CMS.init(CMS.java:152) at com.netscape.certsrv.apps.CMS.start(CMS.java:1490) at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:78) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:966) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3956) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4230) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:890) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java:700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) [07/Feb/2009:07:31:14][main]: CMSEngine.shutdown() Any help will be greatly appreciated Thanks __Uz -------------- next part -------------- An HTML attachment was scrubbed... URL: From sean.veale at gdc4s.com Mon Feb 16 20:06:16 2009 From: sean.veale at gdc4s.com (Veale, Sean) Date: Mon, 16 Feb 2009 15:06:16 -0500 Subject: [Pki-users] Token Id question. Message-ID: In the TPS agent sevices page the formated and enrolled tokens have a unquie identifier with them that you can see here -------------- next part -------------- An HTML attachment was scrubbed... URL: From sean.veale at gdc4s.com Mon Feb 16 20:06:16 2009 From: sean.veale at gdc4s.com (Veale, Sean) Date: Mon, 16 Feb 2009 15:06:16 -0500 Subject: [Pki-users] Token Id question. Message-ID: In the TPS agent sevices page the formated and enrolled tokens have a unquie identifier with them that you can see here -------------- next part -------------- An HTML attachment was scrubbed... URL: From sean.veale at gdc4s.com Mon Feb 16 20:08:56 2009 From: sean.veale at gdc4s.com (Veale, Sean) Date: Mon, 16 Feb 2009 15:08:56 -0500 Subject: [Pki-users] Token Id question Message-ID: Sorry hit send to fast. Here is the full email In the TPS agent page the tokens are identified by a unique identifier it seems. You can see an example here. http://www.redhat.com/docs/manuals/cert-system/7.3/html/Agent_Guide/TPS_ Agent_Services-Managing_Tokens.html#Managing_Tokens-Editing_the_Token Is this the CUID, and is it read off the card during format? Or is it created in some fashion? If it is created what data is used to do that? Thanks Sean -------------- next part -------------- An HTML attachment was scrubbed... URL: From lambam80 at hotmail.com Wed Feb 25 15:17:26 2009 From: lambam80 at hotmail.com (lambam80 at hotmail.com) Date: Wed, 25 Feb 2009 10:17:26 -0500 Subject: [Pki-users] Certificate System Want to change hostname/IP addressafter installation In-Reply-To: <496CBA42.3070905@redhat.com> References: <496CBA42.3070905@redhat.com> Message-ID: Hello again and thanks for the help. I've perfomed my CA install taking into account all your helpful advice. However when I launch the admin interfact with: https://localhost.localdomain:9443/ca/services I get the following errors: message description The server encountered an internal error () that prevented it from fulfilling this request.exception java.io.IOException: CS server is not ready to serve. com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:424) javax.servlet.http.HttpServlet.service(HttpServlet.java:729) note The full stack trace of the root cause is available in the Apache Tomcat/5.5.27 logs. Q1. I've looked allover /var/lobs/tomcat5 etc. but cannot find these log files. Where should I be looking ? Thanks again for all your help lambam80. ---- > Date: Tue, 13 Jan 2009 07:58:58 -0800 > From: cfu at redhat.com > To: sean.veale at gdc4s.com > Subject: Re: [Pki-users] Certificate System Want to change hostname/IP addressafter installation > CC: pki-users at redhat.com > > I happened to have created one on a fc8 myself for the purpose of traveling. > > I have in my /etc/hosts file: > 127.0.0.1 localhost.localdomain localhost localhost > > and in /etc/nsswitch.conf: > hosts: files dns > > I do the following before each installation (rpm install or pkicreate) > as root: > domainname localdomain > hostname localhost > > Christina > > Veale, Sean wrote: > > Sorry sent before I was done... > > > > We'd like to create a 'portable' CMS on a laptop running, say, Fedora > > release 8 (Werewolf). > > > > Is this possible ? > > > > I'd say it is possible. Take a look at this system here > > http://www.redhat.com/promo/summit/2008/downloads/pdf/Friday/Friday_1015am_Bob_Lord_OSS.pdf > > > > I've seen the someone from spryus post here before or your best bet > > might be contacting them directly to see what info they can share. > > > > Sean > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > > > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users _________________________________________________________________ So many new options, so little time. Windows Live Messenger. http://www.microsoft.com/windows/windowslive/products/messenger.aspx -------------- next part -------------- An HTML attachment was scrubbed... URL: From msauton at redhat.com Wed Feb 25 17:32:38 2009 From: msauton at redhat.com (Marc Sauton) Date: Wed, 25 Feb 2009 09:32:38 -0800 Subject: [Pki-users] Certificate System Want to change hostname/IP addressafter installation In-Reply-To: References: <496CBA42.3070905@redhat.com> Message-ID: <49A580B6.8010704@redhat.com> lambam80 at hotmail.com wrote: > Hello again and thanks for the help. > > I've perfomed my CA install taking into account all your helpful advice. > > However when I launch the admin interfact with: > > https://localhost.localdomain:9443/ca/services > > I get the following errors: > > *message* *description* _The server encountered an internal error () > that prevented it from fulfilling this request._*exception* > java.io.IOException: CS server is not ready to serve. > com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:424) > javax.servlet.http.HttpServlet.service(HttpServlet.java:729) *note* > _The full stack trace of the root cause is available in the Apache > Tomcat/5.5.27 logs._ > > > Q1. I've looked allover /var/lobs/tomcat5 etc. but cannot find these > log files. Where should I be looking ? The first instance created at installation will have logs into /var/log/rhpki-ca/ Buf if you add other instances, only the install log will be in this same location, and the newer log files will be under /var/lib/rhpki/logs/ So, I always search under /var/lib/rhpki/ first. For you problem, try to see if a process is listening on the port (9443), and then try to browse using the ip address bound to this port. Also look for events in the catalina.out log file. M. > > Thanks again for all your help lambam80. > ---- > > > Date: Tue, 13 Jan 2009 07:58:58 -0800 > > From: cfu at redhat.com > > To: sean.veale at gdc4s.com > > Subject: Re: [Pki-users] Certificate System Want to change > hostname/IP addressafter installation > > CC: pki-users at redhat.com > > > > I happened to have created one on a fc8 myself for the purpose of > traveling. > > > > I have in my /etc/hosts file: > > 127.0.0.1 localhost.localdomain localhost localhost > > > > and in /etc/nsswitch.conf: > > hosts: files dns > > > > I do the following before each installation (rpm install or pkicreate) > > as root: > > domainname localdomain > > hostname localhost > > > > Christina > > > > Veale, Sean wrote: > > > Sorry sent before I was done... > > > > > > We'd like to create a 'portable' CMS on a laptop running, say, Fedora > > > release 8 (Werewolf). > > > > > > Is this possible ? > > > > > > I'd say it is possible. Take a look at this system here > > > > http://www.redhat.com/promo/summit/2008/downloads/pdf/Friday/Friday_1015am_Bob_Lord_OSS.pdf > > > > > > I've seen the someone from spryus post here before or your best bet > > > might be contacting them directly to see what info they can share. > > > > > > Sean > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > Pki-users mailing list > > > Pki-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/pki-users > > > > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > > ------------------------------------------------------------------------ > So many new options, so little time. Windows Live Messenger. > > ------------------------------------------------------------------------ > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > From lambam80 at hotmail.com Thu Feb 26 09:30:53 2009 From: lambam80 at hotmail.com (lambam80 at hotmail.com) Date: Thu, 26 Feb 2009 04:30:53 -0500 Subject: [Pki-users] Certificate System Want to change hostname/IP addressafter installation In-Reply-To: <49A580B6.8010704@redhat.com> References: <496CBA42.3070905@redhat.com> <49A580B6.8010704@redhat.com> Message-ID: Marc, et al, hello and thanks for the continued support. I looked in the file: /var/lib/pki-ca/logs/catalina.out ... 94 INFO: XML validation disabled 95 Internal Database Error encountered: Could not connect to LDAP server host localhost port 389 Error netscape.ldap.LD APException: failed to connect to server ldap://localhost:389 (91) ... Failed install of Directory Server - it's only a stand-alone laptop so I'll re-install from scratch (OS also). I'm not brave enough to de-install CMS. Naturally, I'll keep you posted. Thanks again for your support. --------- > Date: Wed, 25 Feb 2009 09:32:38 -0800 > From: msauton at redhat.com > To: lambam80 at hotmail.com > CC: pki-users at redhat.com > Subject: Re: [Pki-users] Certificate System Want to change hostname/IP addressafter installation > > lambam80 at hotmail.com wrote: > > Hello again and thanks for the help. > > > > I've perfomed my CA install taking into account all your helpful advice. > > > > However when I launch the admin interfact with: > > > > https://localhost.localdomain:9443/ca/services > > > > I get the following errors: > > > > *message* *description* _The server encountered an internal error () > > that prevented it from fulfilling this request._*exception* > > java.io.IOException: CS server is not ready to serve. > > com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:424) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:729) *note* > > _The full stack trace of the root cause is available in the Apache > > Tomcat/5.5.27 logs._ > > > > > > Q1. I've looked allover /var/lobs/tomcat5 etc. but cannot find these > > log files. Where should I be looking ? > The first instance created at installation will have logs into > /var/log/rhpki-ca/ > Buf if you add other instances, only the install log will be in this > same location, and the newer log files will be under > /var/lib/rhpki/logs/ > So, I always search under /var/lib/rhpki/ first. > For you problem, try to see if a process is listening on the port > (9443), and then try to browse using the ip address bound to this port. > Also look for events in the catalina.out log file. > M. > > > > Thanks again for all your help lambam80. > > ---- > > > > > Date: Tue, 13 Jan 2009 07:58:58 -0800 > > > From: cfu at redhat.com > > > To: sean.veale at gdc4s.com > > > Subject: Re: [Pki-users] Certificate System Want to change > > hostname/IP addressafter installation > > > CC: pki-users at redhat.com > > > > > > I happened to have created one on a fc8 myself for the purpose of > > traveling. > > > > > > I have in my /etc/hosts file: > > > 127.0.0.1 localhost.localdomain localhost localhost > > > > > > and in /etc/nsswitch.conf: > > > hosts: files dns > > > > > > I do the following before each installation (rpm install or pkicreate) > > > as root: > > > domainname localdomain > > > hostname localhost > > > > > > Christina > > > > > > Veale, Sean wrote: > > > > Sorry sent before I was done... > > > > > > > > We'd like to create a 'portable' CMS on a laptop running, say, Fedora > > > > release 8 (Werewolf). > > > > > > > > Is this possible ? > > > > > > > > I'd say it is possible. Take a look at this system here > > > > > > http://www.redhat.com/promo/summit/2008/downloads/pdf/Friday/Friday_1015am_Bob_Lord_OSS.pdf > > > > > > > > I've seen the someone from spryus post here before or your best bet > > > > might be contacting them directly to see what info they can share. > > > > > > > > Sean > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > > > _______________________________________________ > > > > Pki-users mailing list > > > > Pki-users at redhat.com > > > > https://www.redhat.com/mailman/listinfo/pki-users > > > > > > > > > > _______________________________________________ > > > Pki-users mailing list > > > Pki-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/pki-users > > > > ------------------------------------------------------------------------ > > So many new options, so little time. Windows Live Messenger. > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > > > _________________________________________________________________ So many new options, so little time. Windows Live Messenger. http://www.microsoft.com/windows/windowslive/products/messenger.aspx -------------- next part -------------- An HTML attachment was scrubbed... URL: From lambam80 at hotmail.com Thu Feb 26 12:30:21 2009 From: lambam80 at hotmail.com (lambam80 at hotmail.com) Date: Thu, 26 Feb 2009 07:30:21 -0500 Subject: [Pki-users] Certificate System Want to change hostname/IP address after installation In-Reply-To: References: <496CBA42.3070905@redhat.com> <49A580B6.8010704@redhat.com> Message-ID: It's now working after a meticulous (re)installation. Thanks again everybody. From: lambam80 at hotmail.com To: msauton at redhat.com; lambam80 at hotmail.com; pki-users at redhat.com Subject: RE: [Pki-users] Certificate System Want to change hostname/IP addressafter installation Date: Thu, 26 Feb 2009 04:30:53 -0500 Marc, et al, hello and thanks for the continued support. I looked in the file: /var/lib/pki-ca/logs/catalina.out ... 94 INFO: XML validation disabled 95 Internal Database Error encountered: Could not connect to LDAP server host localhost port 389 Error netscape.ldap.LD APException: failed to connect to server ldap://localhost:389 (91) ... Failed install of Directory Server - it's only a stand-alone laptop so I'll re-install from scratch (OS also). I'm not brave enough to de-install CMS. Naturally, I'll keep you posted. Thanks again for your support. --------- > Date: Wed, 25 Feb 2009 09:32:38 -0800 > From: msauton at redhat.com > To: lambam80 at hotmail.com > CC: pki-users at redhat.com > Subject: Re: [Pki-users] Certificate System Want to change hostname/IP addressafter installation > > lambam80 at hotmail.com wrote: > > Hello again and thanks for the help. > > > > I've perfomed my CA install taking into account all your helpful advice. > > > > However when I launch the admin interfact with: > > > > https://localhost.localdomain:9443/ca/services > > > > I get the following errors: > > > > *message* *description* _The server encountered an internal error () > > that prevented it from fulfilling this request._*exception* > > java.io.IOException: CS server is not ready to serve. > > com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:424) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:729) *note* > > _The full stack trace of the root cause is available in the Apache > > Tomcat/5.5.27 logs._ > > > > > > Q1. I've looked allover /var/lobs/tomcat5 etc. but cannot find these > > log files. Where should I be looking ? > The first instance created at installation will have logs into > /var/log/rhpki-ca/ > Buf if you add other instances, only the install log will be in this > same location, and the newer log files will be under > /var/lib/rhpki/logs/ > So, I always search under /var/lib/rhpki/ first. > For you problem, try to see if a process is listening on the port > (9443), and then try to browse using the ip address bound to this port. > Also look for events in the catalina.out log file. > M. > > > > Thanks again for all your help lambam80. > > ---- > > > > > Date: Tue, 13 Jan 2009 07:58:58 -0800 > > > From: cfu at redhat.com > > > To: sean.veale at gdc4s.com > > > Subject: Re: [Pki-users] Certificate System Want to change > > hostname/IP addressafter installation > > > CC: pki-users at redhat.com > > > > > > I happened to have created one on a fc8 myself for the purpose of > > traveling. > > > > > > I have in my /etc/hosts file: > > > 127.0.0.1 localhost.localdomain localhost localhost > > > > > > and in /etc/nsswitch.conf: > > > hosts: files dns > > > > > > I do the following before each installation (rpm install or pkicreate) > > > as root: > > > domainname localdomain > > > hostname localhost > > > > > > Christina > > > > > > Veale, Sean wrote: > > > > Sorry sent before I was done... > > > > > > > > We'd like to create a 'portable' CMS on a laptop running, say, Fedora > > > > release 8 (Werewolf). > > > > > > > > Is this possible ? > > > > > > > > I'd say it is possible. Take a look at this system here > > > > > > http://www.redhat.com/promo/summit/2008/downloads/pdf/Friday/Friday_1015am_Bob_Lord_OSS.pdf > > > > > > > > I've seen the someone from spryus post here before or your best bet > > > > might be contacting them directly to see what info they can share. > > > > > > > > Sean > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > > > _______________________________________________ > > > > Pki-users mailing list > > > > Pki-users at redhat.com > > > > https://www.redhat.com/mailman/listinfo/pki-users > > > > > > > > > > _______________________________________________ > > > Pki-users mailing list > > > Pki-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/pki-users > > > > ------------------------------------------------------------------------ > > So many new options, so little time. Windows Live Messenger. > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > > > So many new options, so little time. Windows Live Messenger. _________________________________________________________________ How fun is this? IMing with Windows Live Messenger just got better. http://www.microsoft.com/windows/windowslive/products/messenger.aspx -------------- next part -------------- An HTML attachment was scrubbed... URL: From cjbrown at mitre.org Thu Feb 26 19:57:55 2009 From: cjbrown at mitre.org (Brown, Chris) Date: Thu, 26 Feb 2009 14:57:55 -0500 Subject: [Pki-users] file publishing question Message-ID: I set up a new Publisher that is supposed to write the CRL to the /tmp directory. I was going to then going to use a cron job to move it to a web server. The publisher job does not seem to be firing and I don't see anything in the logs referring to it (except when the CA is started). Has anyone successfully used a file publisher? Here is the config: ca.publish.publisher.instance.webServerPub.crlLinkExt= ca.publish.publisher.instance.webServerPub.directory=/tmp ca.publish.publisher.instance.webServerPub.latestCrlLink=true ca.publish.publisher.instance.webServerPub.pluginName=FileBasedPublisher ca.publish.publisher.instance.webServerPub.Filename.b64=true ca.publish.publisher.instance.webServerPub.Filename.der=true Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3513 bytes Desc: not available URL: From Julius.Adewumi at gdc4s.com Thu Feb 26 20:43:44 2009 From: Julius.Adewumi at gdc4s.com (Adewumi, Julius-p99373) Date: Thu, 26 Feb 2009 13:43:44 -0700 Subject: [Pki-users] file publishing question In-Reply-To: References: Message-ID: <150446754087724BA4B8F287083846B203E88DB6@AZ25EXM04.gddsi.com> Be sure you have Rules set up and Mapper =nomap From: Julius Adewumi @GDC4S.com Ph:480-441-6768 Contract Corp:MTSI ________________________________ From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris Sent: Thursday, February 26, 2009 12:58 PM To: pki-users at redhat.com Subject: [Pki-users] file publishing question I set up a new Publisher that is supposed to write the CRL to the /tmp directory. I was going to then going to use a cron job to move it to a web server. The publisher job does not seem to be firing and I don't see anything in the logs referring to it (except when the CA is started). Has anyone successfully used a file publisher? Here is the config: ca.publish.publisher.instance.webServerPub.crlLinkExt= ca.publish.publisher.instance.webServerPub.directory=/tmp ca.publish.publisher.instance.webServerPub.latestCrlLink=true ca.publish.publisher.instance.webServerPub.pluginName=FileBasedPublisher ca.publish.publisher.instance.webServerPub.Filename.b64=true ca.publish.publisher.instance.webServerPub.Filename.der=true Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From cjbrown at mitre.org Fri Feb 27 17:10:17 2009 From: cjbrown at mitre.org (Brown, Chris) Date: Fri, 27 Feb 2009 12:10:17 -0500 Subject: [Pki-users] file publishing question In-Reply-To: <150446754087724BA4B8F287083846B203E88DB6@AZ25EXM04.gddsi.com> References: <150446754087724BA4B8F287083846B203E88DB6@AZ25EXM04.gddsi.com> Message-ID: Thanks I mistakenly had the rule set up for certs and not crls. From: Adewumi, Julius-p99373 [mailto:Julius.Adewumi at gdc4s.com] Sent: Thursday, February 26, 2009 3:44 PM To: Brown, Chris; pki-users at redhat.com Subject: RE: [Pki-users] file publishing question Be sure you have Rules set up and Mapper =nomap From: Julius Adewumi @GDC4S.com Ph:480-441-6768 Contract Corp:MTSI _____ From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Brown, Chris Sent: Thursday, February 26, 2009 12:58 PM To: pki-users at redhat.com Subject: [Pki-users] file publishing question I set up a new Publisher that is supposed to write the CRL to the /tmp directory. I was going to then going to use a cron job to move it to a web server. The publisher job does not seem to be firing and I don't see anything in the logs referring to it (except when the CA is started). Has anyone successfully used a file publisher? Here is the config: ca.publish.publisher.instance.webServerPub.crlLinkExt= ca.publish.publisher.instance.webServerPub.directory=/tmp ca.publish.publisher.instance.webServerPub.latestCrlLink=true ca.publish.publisher.instance.webServerPub.pluginName=FileBasedPublisher ca.publish.publisher.instance.webServerPub.Filename.b64=true ca.publish.publisher.instance.webServerPub.Filename.der=true Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3513 bytes Desc: not available URL: