[Pkg-freeipa-devel] dogtag-pki: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Fri Sep 4 06:43:03 UTC 2015
debian/changelog | 6 +
debian/patches/debian-support.diff | 101 +++++++++++++++++++++++++++++-
debian/patches/series | 1
debian/patches/use-tomcat8.diff | 122 +++++++++++++++++++++++++++++++++++++
debian/pki-ca.links | 2
debian/pki-kra.links | 2
debian/pki-ocsp.links | 2
debian/pki-server.pki-tomcatd.init | 4 -
debian/pki-tks.links | 2
debian/pki-tps.links | 2
10 files changed, 233 insertions(+), 11 deletions(-)
New commits:
commit 563469163f55fd789b22b7e7a6467be3ad60c1f9
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Sep 4 08:59:22 2015 +0300
debian-support.diff: Fix EnvironmentFile in systemd service.
diff --git a/debian/patches/debian-support.diff b/debian/patches/debian-support.diff
index 08e49b8..7205216 100644
--- a/debian/patches/debian-support.diff
+++ b/debian/patches/debian-support.diff
@@ -124,9 +124,12 @@ Description: changes for Debian
--- a/base/server/share/lib/systemd/system/pki-tomcatd at .service
+++ b/base/server/share/lib/systemd/system/pki-tomcatd at .service
-@@ -6,7 +6,7 @@ PartOf=pki-tomcatd.target
+@@ -4,9 +4,9 @@ PartOf=pki-tomcatd.target
+
+ [Service]
Type=simple
- EnvironmentFile=/etc/tomcat/tomcat.conf
+-EnvironmentFile=/etc/tomcat/tomcat.conf
++EnvironmentFile=/etc/default/tomcat8
Environment="NAME=%i"
-EnvironmentFile=-/etc/sysconfig/%i
+EnvironmentFile=-/etc/default/%i
commit dbcbfa4898942da536ebff1bacbc9db2c1c4bf58
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 3 18:28:48 2015 +0300
debian-support.diff: Fix pki_registry_dir, broke when patch got refreshed.
diff --git a/debian/patches/debian-support.diff b/debian/patches/debian-support.diff
index 86ee66b..08e49b8 100644
--- a/debian/patches/debian-support.diff
+++ b/debian/patches/debian-support.diff
@@ -96,7 +96,7 @@ Description: changes for Debian
java_dir="/usr/share/java"
pki_common_jar_dir="${PKI_INSTANCE_PATH}/common/lib"
- pki_registry_dir="/etc/sysconfig/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_NAME}"
-+ pki_registry_dir="/etc/dogtag/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_NAME}"
++ pki_registry_dir="/etc/dogtag/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_NAME}"
# Dogtag 10 Systemd variables
systemd_dir="/lib/systemd/system"
commit 964cd4fe6111c60901424d8448bedc554422df91
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 3 18:27:30 2015 +0300
debian-support.diff: Don't try to manage rc3.d/* symlinks.
diff --git a/debian/changelog b/debian/changelog
index b8907f6..ececad6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,7 @@ dogtag-pki (10.2.6-1) UNRELEASED; urgency=medium
* debian-support.diff: Fix nuxwdog paths.
* use-tomcat8.diff: Patch initscript includes to use tomcat 8.
* *.links: Link to tomcat8 policy.d.
+ * debian-support.diff: Don't try to manage rc3.d/* symlinks.
-- Timo Aaltonen <tjaalton at debian.org> Thu, 02 Apr 2015 15:45:06 +0300
diff --git a/debian/patches/debian-support.diff b/debian/patches/debian-support.diff
index 86261ce..86ee66b 100644
--- a/debian/patches/debian-support.diff
+++ b/debian/patches/debian-support.diff
@@ -264,3 +264,25 @@ Description: changes for Debian
for line in fileinput.input(sysconfig_file, inplace=1):
match = re.search("^JAVA_OPTS=\"(.*)\"", line)
+--- a/base/server/python/pki/server/deployment/pkihelper.py
++++ b/base/server/python/pki/server/deployment/pkihelper.py
+@@ -3528,8 +3528,7 @@ class Systemd(object):
+ """
+ try:
+ if pki.system.SYSTEM_TYPE == "debian":
+- command = ["rm", "/etc/rc3.d/*" +
+- self.mdict['pki_instance_name']]
++ command = ["true"]
+ else:
+ command = ["systemctl", "disable", "pki-tomcatd.target"]
+
+@@ -3578,8 +3577,7 @@ class Systemd(object):
+ """
+ try:
+ if pki.system.SYSTEM_TYPE == "debian":
+- command = ["ln", "-s", "/etc/init.d/pki-tomcatd",
+- "/etc/rc3.d/S89" + self.mdict['pki_instance_name']]
++ command = ["true"]
+ else:
+ command = ["systemctl", "enable", "pki-tomcatd.target"]
+
commit fe7dfa55cb29f1929e58ead465bbe58572cf318f
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 3 17:54:36 2015 +0300
*.links: Link to tomcat8 policy.d.
diff --git a/debian/changelog b/debian/changelog
index f571efe..b8907f6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -20,6 +20,7 @@ dogtag-pki (10.2.6-1) UNRELEASED; urgency=medium
* install: Added new manpages, nuxwdog support, html docs to pki-base.
* debian-support.diff: Fix nuxwdog paths.
* use-tomcat8.diff: Patch initscript includes to use tomcat 8.
+ * *.links: Link to tomcat8 policy.d.
-- Timo Aaltonen <tjaalton at debian.org> Thu, 02 Apr 2015 15:45:06 +0300
diff --git a/debian/pki-ca.links b/debian/pki-ca.links
index b8f2e75..5317fb4 100644
--- a/debian/pki-ca.links
+++ b/debian/pki-ca.links
@@ -1 +1 @@
-/etc/tomcat7/policy.d usr/share/pki/ca/conf/policy.d
+/etc/tomcat8/policy.d usr/share/pki/ca/conf/policy.d
diff --git a/debian/pki-kra.links b/debian/pki-kra.links
index 5358193..800cf7f 100644
--- a/debian/pki-kra.links
+++ b/debian/pki-kra.links
@@ -1 +1 @@
-/etc/tomcat7/policy.d usr/share/pki/kra/conf/policy.d
+/etc/tomcat8/policy.d usr/share/pki/kra/conf/policy.d
diff --git a/debian/pki-ocsp.links b/debian/pki-ocsp.links
index 0e6576b..76f73a4 100644
--- a/debian/pki-ocsp.links
+++ b/debian/pki-ocsp.links
@@ -1 +1 @@
-/etc/tomcat7/policy.d usr/share/pki/ocsp/conf/policy.d
+/etc/tomcat8/policy.d usr/share/pki/ocsp/conf/policy.d
diff --git a/debian/pki-server.pki-tomcatd.init b/debian/pki-server.pki-tomcatd.init
index d661b64..a0a9992 100755
--- a/debian/pki-server.pki-tomcatd.init
+++ b/debian/pki-server.pki-tomcatd.init
@@ -27,10 +27,10 @@
# All rights reserved.
# --- END COPYRIGHT BLOCK ---
#
-# pki-tomcatd Startup script for pki-tomcat instances with tomcat7
+# pki-tomcatd Startup script for pki-tomcat instances with tomcat8
#
# chkconfig: - 81 19
-# description: Dogtag Certificates Subsystems (Tomcat 7)
+# description: Dogtag Certificates Subsystems (Tomcat 8)
# processname: pki-tomcatd
# piddir: /var/run/pki/tomcat
#
diff --git a/debian/pki-tks.links b/debian/pki-tks.links
index 201d3c5..ecb5cc0 100644
--- a/debian/pki-tks.links
+++ b/debian/pki-tks.links
@@ -1 +1 @@
-/etc/tomcat7/policy.d usr/share/pki/tks/conf/policy.d
+/etc/tomcat8/policy.d usr/share/pki/tks/conf/policy.d
diff --git a/debian/pki-tps.links b/debian/pki-tps.links
index e69bd6e..ab8db88 100644
--- a/debian/pki-tps.links
+++ b/debian/pki-tps.links
@@ -1 +1 @@
-/etc/tomcat7/policy.d usr/share/pki/tps/conf/policy.d
+/etc/tomcat8/policy.d usr/share/pki/tps/conf/policy.d
commit 90c213c55aae625ba74f12be91fd207abff7e541
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 3 17:54:16 2015 +0300
use-tomcat8.diff: Patch initscript includes to use tomcat 8.
diff --git a/debian/changelog b/debian/changelog
index 289e6f1..f571efe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,6 +19,7 @@ dogtag-pki (10.2.6-1) UNRELEASED; urgency=medium
* control: Add libnuxwdog-java to build-depends, and pki-server depends.
* install: Added new manpages, nuxwdog support, html docs to pki-base.
* debian-support.diff: Fix nuxwdog paths.
+ * use-tomcat8.diff: Patch initscript includes to use tomcat 8.
-- Timo Aaltonen <tjaalton at debian.org> Thu, 02 Apr 2015 15:45:06 +0300
diff --git a/debian/patches/series b/debian/patches/series
index 0031716..3d21fa0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ fix-symkey-path.diff
fix-format-security-warnings.patch
fix-junit-jar.diff
dont-install-deleted-files.diff
+use-tomcat8.diff
diff --git a/debian/patches/use-tomcat8.diff b/debian/patches/use-tomcat8.diff
new file mode 100644
index 0000000..24e6694
--- /dev/null
+++ b/debian/patches/use-tomcat8.diff
@@ -0,0 +1,122 @@
+--- a/base/server/scripts/operations
++++ b/base/server/scripts/operations
+@@ -754,7 +754,7 @@ display_instance_status_debian()
+ {
+ set_debian_tomcat_parameters
+ start-stop-daemon --status --pidfile "$CATALINA_PID" \
+- --user $TOMCAT7_USER --exec "$JAVA_HOME/bin/java" \
++ --user $TOMCAT_USER --exec "$JAVA_HOME/bin/java" \
+ >/dev/null 2>&1
+ rv=$?
+
+@@ -943,7 +943,7 @@ verify_symlinks()
+ # Dogtag 10 Conditional Variables
+ if $debian ; then
+ jni_jar_dir="/usr/share/java"
+- tomcat_dir="/usr/share/tomcat7"
++ tomcat_dir="/usr/share/tomcat8"
+ else
+ jni_jar_dir=`source /usr/share/pki/etc/pki.conf && source /etc/pki/pki.conf && echo $JNI_JAR_DIR`
+ tomcat_dir="/usr/share/tomcat"
+@@ -1486,9 +1486,9 @@ catalina_sh() {
+
+ # Run the catalina.sh script as a daemon
+ touch "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
+- chown $TOMCAT7_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
+- start-stop-daemon --start -b -u "$TOMCAT7_USER" -g "$TOMCAT7_GROUP" \
+- -c "$TOMCAT7_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \
++ chown $TOMCAT_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
++ start-stop-daemon --start -b -u "$TOMCAT_USER" -g "$TOMCAT_GROUP" \
++ -c "$TOMCAT_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \
+ -x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH"
+ status="$?"
+ set +a
+@@ -1498,9 +1498,9 @@ catalina_sh() {
+ set_debian_tomcat_parameters()
+ {
+ set_java_home
+- CATALINA_HOME=/usr/share/tomcat7
++ CATALINA_HOME=/usr/share/tomcat8
+ CATALINA_BASE=/var/lib/pki/${PKI_INSTANCE_NAME}
+- DESC="Tomcat 7 instance for ${PKI_INSTANCE_NAME}"
++ DESC="Tomcat 8 instance for ${PKI_INSTANCE_NAME}"
+
+ if [ -z "$JAVA_OPTS" ]; then
+ JAVA_OPTS="-Djava.awt.headless=true -Xmx128M"
+@@ -1511,7 +1511,7 @@ set_debian_tomcat_parameters()
+ . /etc/default/${PKI_INSTANCE_NAME}
+ fi
+
+- JVM_TMP=/tmp/tomcat7-${PKI_INSTANCE_NAME}-tmp
++ JVM_TMP=/tmp/tomcat8-${PKI_INSTANCE_NAME}-tmp
+ if [ -z "$CATALINA_TMPDIR" ]; then
+ CATALINA_TMPDIR="$JVM_TMP"
+ fi
+@@ -1525,9 +1525,9 @@ set_debian_tomcat_parameters()
+ # for now, do not generate policy here, because we need to figure out
+ # where to get the tomcat policy.
+
+- TOMCAT7_SECURITY=no
++ TOMCAT_SECURITY=no
+ SECURITY=""
+- if [ "$TOMCAT7_SECURITY" = "True" ]; then
++ if [ "$TOMCAT_SECURITY" = "True" ]; then
+ SECURITY="-security"
+ fi
+
+@@ -1540,8 +1540,8 @@ set_debian_tomcat_parameters()
+ JSSE_HOME="${JAVA_HOME}/jre/"
+ fi
+
+- TOMCAT7_USER=$TOMCAT_USER
+- TOMCAT7_GROUP=$TOMCAT_USER
++ TOMCAT_USER=$TOMCAT_USER
++ TOMCAT_GROUP=$TOMCAT_USER
+ }
+
+ start_deb_instance()
+@@ -1562,7 +1562,7 @@ start_deb_instance()
+ set_debian_tomcat_parameters
+
+ if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \
+- --user $TOMCAT7_USER --exec "$JAVA_HOME/bin/java" \
++ --user $TOMCAT_USER --exec "$JAVA_HOME/bin/java" \
+ >/dev/null; then
+
+ # Remove / recreate JVM_TMP directory
+@@ -1571,12 +1571,12 @@ start_deb_instance()
+ log_failure_msg "could not create JVM temporary directory"
+ exit 1
+ }
+- chown $TOMCAT7_USER "$JVM_TMP"
++ chown $TOMCAT_USER "$JVM_TMP"
+
+ catalina_sh start $SECURITY
+ sleep 5
+ if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \
+- --user $TOMCAT7_USER --exec "$JAVA_HOME/bin/java" \
++ --user $TOMCAT_USER --exec "$JAVA_HOME/bin/java" \
+ >/dev/null; then
+ if [ -f "$CATALINA_PID" ]; then
+ rm -f "$CATALINA_PID"
+@@ -1610,7 +1610,7 @@ stop_instance()
+
+ if [ -f "$CATALINA_PID" ]; then
+ start-stop-daemon --stop --pidfile "$CATALINA_PID" \
+- --user "$TOMCAT7_USER" \
++ --user "$TOMCAT_USER" \
+ --retry=TERM/20/KILL/5 >/dev/null
+ if [ $? -eq 1 ]; then
+ log_progress_msg "$DESC is not running but pid file exists, cleaning up"
+--- a/base/server/share/conf/tomcat.conf
++++ b/base/server/share/conf/tomcat.conf
+@@ -66,8 +66,7 @@ TOMCAT_LOG="[TOMCAT_LOG_DIR]/tomcat-init
+ PKI_VERSION=[APPLICATION_VERSION]
+
+ # Debian settings
+-TOMCAT7_USER="[PKI_USER]"
+-TOMCAT7_SECURITY="[PKI_SECURITY_MANAGER]"
++TOMCAT_SECURITY="[PKI_SECURITY_MANAGER]"
+
+ # Use Nuxwdog to start server
+ USE_NUXWDOG="false"
commit 631e4d36633d3f21260bffdd913a20e72a88cfcc
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 3 17:28:06 2015 +0300
debian-support.diff: Fix nuxwdog paths.
diff --git a/debian/changelog b/debian/changelog
index fc5a043..289e6f1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,7 @@ dogtag-pki (10.2.6-1) UNRELEASED; urgency=medium
* Build using tomcat8, update libtomcatjss-java build-dep.
* control: Add libnuxwdog-java to build-depends, and pki-server depends.
* install: Added new manpages, nuxwdog support, html docs to pki-base.
+ * debian-support.diff: Fix nuxwdog paths.
-- Timo Aaltonen <tjaalton at debian.org> Thu, 02 Apr 2015 15:45:06 +0300
diff --git a/debian/patches/debian-support.diff b/debian/patches/debian-support.diff
index cc8ad57..86261ce 100644
--- a/debian/patches/debian-support.diff
+++ b/debian/patches/debian-support.diff
@@ -16,6 +16,15 @@ Description: changes for Debian
pki_instance_path=%(pki_path)s/%(pki_instance_name)s
pki_instance_log_path=%(pki_log_path)s/%(pki_instance_name)s
pki_instance_configuration_path=%(pki_configuration_path)s/%(pki_instance_name)s
+@@ -330,7 +330,7 @@ pki_resteasy_jaxrs_jar=%(resteasy_lib)s/
+ pki_resteasy_jackson_provider_jar=%(resteasy_lib)s/resteasy-jackson-provider.jar
+
+ # nuxwdog
+-pki_nuxwdog_client_jar=/usr/lib/java/nuxwdog.jar
++pki_nuxwdog_client_jar=/usr/share/java/nuxwdog.jar
+
+
+ ###############################################################################
--- a/base/server/man/man8/pkispawn.8
+++ b/base/server/man/man8/pkispawn.8
@@ -103,7 +103,7 @@ the \-f option.
@@ -49,6 +58,19 @@ Description: changes for Debian
self.mdict['pki_instance_name']
self.mdict['pki_target_tomcat_conf'] = \
os.path.join(
+@@ -1044,10 +1044,10 @@ class PKIConfigParser:
+
+ if config.pki_architecture == 64:
+ self.mdict['NUXWDOG_JNI_PATH_SLOT'] = (
+- '/usr/lib64/nuxwdog-jni')
++ '/usr/lib/jni')
+ else:
+ self.mdict['NUXWDOG_JNI_PATH_SLOT'] = (
+- '/usr/lib/nuxwdog-jni')
++ '/usr/lib/jni')
+
+ # tps parameters
+ self.mdict['TOKENDB_HOST_SLOT'] = \
@@ -1313,7 +1313,7 @@ class PKIConfigParser:
instance_root = os.path.join('/var/lib/pki', instance_name)
if not os.path.exists(instance_root):
@@ -194,3 +216,51 @@ Description: changes for Debian
permission java.security.AllPermission;
};
+@@ -222,6 +222,6 @@ grant codeBase "file:${catalina.base}/we
+ permission java.security.AllPermission;
+ };
+
+-grant codeBase "file:/usr/lib/java/nuxwdog.jar" {
++grant codeBase "file:/usr/share/java/nuxwdog.jar" {
+ permission java.security.AllPermission;
+ };
+--- a/base/server/python/pki/server/cli/nuxwdog.py
++++ b/base/server/python/pki/server/cli/nuxwdog.py
+@@ -115,7 +115,7 @@ class NuxwdogEnableCLI(pki.cli.CLI):
+ self.modify_password_class_in_cs_cfg(instance)
+
+ def add_nuxwdog_link(self, instance):
+- nuxwdog_jar_path = '/usr/lib/java/nuxwdog.jar'
++ nuxwdog_jar_path = '/usr/share/java/nuxwdog.jar'
+ if not os.path.exists(nuxwdog_jar_path):
+ print (
+ "Error: nuxwdog jar file does not exist. "
+@@ -134,13 +134,13 @@ class NuxwdogEnableCLI(pki.cli.CLI):
+ os.symlink(nuxwdog_jar_path, instance_jar_path)
+
+ def enable_nuxwdog_sysconfig_file(self, instance):
+- sysconfig_file = os.path.join('/etc/sysconfig', instance.name)
++ sysconfig_file = os.path.join('/etc/default', instance.name)
+
+ arch = struct.calcsize("P") * 8
+ if arch == 64:
+- jni_str = "-Djava.library.path=/usr/lib64/nuxwdog-jni"
++ jni_str = "-Djava.library.path=/usr/lib/jni"
+ else:
+- jni_str = "-Djava.library.path=/usr/lib/nuxwdog-jni"
++ jni_str = "-Djava.library.path=/usr/lib/jni"
+
+ got_use_nuxwdog = False
+
+@@ -320,9 +320,9 @@ class NuxwdogDisableCLI(pki.cli.CLI):
+
+ arch = struct.calcsize("P") * 8
+ if arch == 64:
+- jni_str = "-Djava.library.path=/usr/lib64/nuxwdog-jni"
++ jni_str = "-Djava.library.path=/usr/lib/jni"
+ else:
+- jni_str = "-Djava.library.path=/usr/lib/nuxwdog-jni"
++ jni_str = "-Djava.library.path=/usr/lib/jni"
+
+ for line in fileinput.input(sysconfig_file, inplace=1):
+ match = re.search("^JAVA_OPTS=\"(.*)\"", line)
commit 4caaa0300239a301961415c99dea6af260f66557
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Aug 27 07:25:12 2015 +0300
close bug #789138
diff --git a/debian/changelog b/debian/changelog
index 49631b8..fc5a043 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,7 +14,7 @@ dogtag-pki (10.2.6-1) UNRELEASED; urgency=medium
* Update patches.
* control, pki-server.install: Clean up perl stuff, drop pki-setup-
proxy which is gone.
- * control, rules, patches: Migrate to tomcat8.
+ * control, rules, patches: Migrate to tomcat8. (Closes: #789138)
* Build using tomcat8, update libtomcatjss-java build-dep.
* control: Add libnuxwdog-java to build-depends, and pki-server depends.
* install: Added new manpages, nuxwdog support, html docs to pki-base.
More information about the Pkg-freeipa-devel
mailing list