[Pkg-freeipa-devel] dogtag-pki: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Tue Apr 5 16:45:49 UTC 2016
CMakeLists.txt | 3
base/ca/shared/conf/CS.cfg.in | 9
base/ca/shared/conf/indextasks.ldif | 31
base/ca/shared/profiles/ca/AdminCert.cfg | 4
base/ca/shared/profiles/ca/caAdminCert.cfg | 4
base/ca/shared/webapps/ca/agent/ca/displayBySerial.template | 8
base/ca/shared/webapps/ca/agent/ca/displayBySerial2.template | 4
base/ca/shared/webapps/ca/agent/ca/queryCert.template | 4
base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template | 56
base/ca/shared/webapps/ca/ee/ca/displayBySerial.template | 8
base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template | 4
base/ca/shared/webapps/ca/ee/ca/displayCaCert.template | 8
base/ca/shared/webapps/ca/ee/ca/queryCert.template | 4
base/ca/shared/webapps/ca/services.template | 6
base/ca/src/com/netscape/ca/CertificateAuthority.java | 5
base/ca/src/com/netscape/ca/SigningUnit.java | 13
base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java | 16
base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java | 11
base/common/python/pki/cli.py | 7
base/common/python/pki/client.py | 24
base/common/python/pki/nssdb.py | 533 ++++++
base/common/src/com/netscape/certsrv/apps/CMS.java | 39
base/common/src/com/netscape/certsrv/apps/ICMSEngine.java | 7
base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java | 20
base/common/src/com/netscape/certsrv/cert/CertRequestResource.java | 10
base/common/src/com/netscape/certsrv/client/PKIConnection.java | 20
base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java | 2
base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java | 5
base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java | 31
base/java-tools/man/man1/pki-cert.1 | 23
base/java-tools/man/man1/pki-client.1 | 17
base/java-tools/man/man1/pki-user-cert.1 | 8
base/java-tools/man/man1/pki-user-membership.1 | 84 +
base/java-tools/man/man1/pki.1 | 6
base/java-tools/src/com/netscape/cmstools/PKCS12Export.java | 12
base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java | 184 ++
base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java | 94 -
base/java-tools/src/com/netscape/cmstools/client/ClientCertShowCLI.java | 168 +-
base/javadoc/CMakeLists.txt | 61
base/kra/shared/conf/CS.cfg.in | 2
base/kra/shared/conf/indextasks.ldif | 31
base/kra/shared/webapps/kra/agent/kra/displayBySerial2.template | 4
base/kra/src/com/netscape/kra/RecoveryService.java | 2
base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java | 107 +
base/kra/src/com/netscape/kra/SecurityDataService.java | 61
base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java | 2
base/native-tools/src/setpin/setpin.c | 59
base/native-tools/src/setpin/setpin_options.c | 7
base/native-tools/src/sslget/sslget.c | 23
base/ocsp/shared/conf/CS.cfg.in | 7
base/ocsp/shared/conf/indextasks.ldif | 31
base/ocsp/src/com/netscape/ocsp/SigningUnit.java | 2
base/server/cms/src/com/netscape/cms/authentication/DirBasedAuthentication.java | 54
base/server/cms/src/com/netscape/cms/authentication/TokenAuthentication.java | 38
base/server/cms/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java | 12
base/server/cms/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java | 12
base/server/cms/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java | 17
base/server/cms/src/com/netscape/cms/authentication/UserPwdDirAuthentication.java | 12
base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java | 79 -
base/server/cms/src/com/netscape/cms/realm/PKIRealm.java | 33
base/server/cms/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java | 14
base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java | 67
base/server/cms/src/com/netscape/cms/servlet/cert/CertRequestDAO.java | 15
base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java | 45
base/server/cms/src/com/netscape/cms/servlet/cert/ListCerts.java | 60
base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java | 36
base/server/cms/src/com/netscape/cms/servlet/common/AuthCredentials.java | 2
base/server/cms/src/com/netscape/cms/servlet/csadmin/AdminPanel.java | 332 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/AuthDBPanel.java | 125 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java | 192 --
base/server/cms/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java | 215 --
base/server/cms/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java | 375 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java | 115 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java | 296 ---
base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 771 ++++++----
base/server/cms/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java | 279 ---
base/server/cms/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java | 532 ------
base/server/cms/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java | 226 --
base/server/cms/src/com/netscape/cms/servlet/csadmin/DonePanel.java | 313 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java | 194 --
base/server/cms/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java | 340 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java | 145 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/ModulePanel.java | 338 ----
base/server/cms/src/com/netscape/cms/servlet/csadmin/NamePanel.java | 622 --------
base/server/cms/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java | 235 ---
base/server/cms/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java | 144 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java | 482 ------
base/server/cms/src/com/netscape/cms/servlet/csadmin/SizePanel.java | 491 ------
base/server/cms/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java | 128 -
base/server/cms/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java | 306 ---
base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java | 85 -
base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java | 3
base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java | 66
base/server/cms/src/com/netscape/cms/servlet/wizard/IWizardPanel.java | 111 -
base/server/cms/src/com/netscape/cms/servlet/wizard/WizardServlet.java | 489 ------
base/server/cms/src/org/dogtagpki/server/rest/SessionContextInterceptor.java | 10
base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 90 -
base/server/cmsbundle/src/UserMessages.properties | 2
base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java | 230 ++
base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java | 4
base/server/cmscore/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java | 80 -
base/server/cmscore/src/com/netscape/cmscore/base/LDAPConfigStore.java | 57
base/server/cmscore/src/com/netscape/cmscore/dbs/CertificateRepository.java | 80 -
base/server/cmscore/src/com/netscape/cmscore/profile/AbstractProfileSubsystem.java | 53
base/server/cmscore/src/com/netscape/cmscore/profile/LDAPProfileSubsystem.java | 202 ++
base/server/cmscore/src/com/netscape/cmscore/security/KeyCertUtil.java | 2
base/server/etc/default.cfg | 12
base/server/man/man1/pkidaemon.1 | 14
base/server/man/man5/pki_default.cfg.5 | 10
base/server/man/man8/pki-server-subsystem.8 | 26
base/server/man/man8/pkispawn.8 | 4
base/server/python/pki/server/__init__.py | 225 ++
base/server/python/pki/server/ca.py | 92 +
base/server/python/pki/server/cli/ca.py | 206 ++
base/server/python/pki/server/cli/instance.py | 28
base/server/python/pki/server/cli/migrate.py | 14
base/server/python/pki/server/cli/nuxwdog.py | 4
base/server/python/pki/server/cli/subsystem.py | 519 +++++-
base/server/python/pki/server/deployment/pkihelper.py | 179 +-
base/server/python/pki/server/deployment/pkimessages.py | 8
base/server/python/pki/server/deployment/pkiparser.py | 66
base/server/python/pki/server/deployment/scriptlets/configuration.py | 132 +
base/server/python/pki/server/deployment/scriptlets/finalization.py | 12
base/server/python/pki/server/deployment/scriptlets/security_databases.py | 12
base/server/python/pki/server/upgrade.py | 3
base/server/sbin/pki-server | 2
base/server/sbin/pkidestroy | 2
base/server/sbin/pkispawn | 41
base/server/share/conf/ciphers.info | 74
base/server/share/webapps/ROOT/index.jsp | 9
base/server/test/com/netscape/cmscore/app/CMSEngineDefaultStub.java | 6
base/server/tomcat7/conf/server.xml | 9
base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java | 5
base/server/tomcat8/conf/server.xml | 9
base/server/tomcat8/src/CMakeLists.txt | 10
base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML | 2
base/tks/shared/conf/CS.cfg.in | 2
base/tks/shared/conf/indextasks.ldif | 31
base/tps/shared/conf/CS.cfg.in | 26
base/tps/shared/conf/indextasks.ldif | 14
base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java | 2
base/tps/src/org/dogtagpki/server/tps/installer/CAInfoPanel.java | 171 --
base/tps/src/org/dogtagpki/server/tps/installer/DRMInfoPanel.java | 154 -
base/tps/src/org/dogtagpki/server/tps/installer/TKSInfoPanel.java | 150 -
base/tps/src/org/dogtagpki/server/tps/mapping/FilterMappingResolver.java | 17
base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java | 15
base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java | 12
base/util/src/com/netscape/cmsutil/ldap/LDAPPostReadControl.java | 106 +
base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java | 18
debian/changelog | 16
debian/control | 2
debian/patches/debian-support.diff | 18
debian/patches/series | 2
debian/patches/tomcat7-build-fix.diff | 15
debian/patches/use-root-homedir.diff | 11
debian/patches/use-usr-bin.diff | 28
debian/pki-base.postrm | 1
debian/pki-server.postrm | 11
debian/pki-tools.install | 1
debian/rules | 4
specs/pki-core.spec | 297 +++
161 files changed, 5224 insertions(+), 8782 deletions(-)
New commits:
commit 0a6b96f62b5834e9b999c866d12aa5ef98972d6c
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Apr 5 19:37:20 2016 +0300
releasing package dogtag-pki version 10.2.6+git20160317-1
diff --git a/debian/changelog b/debian/changelog
index 15f58f1..4ce81c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-dogtag-pki (10.2.6+git20160317-1) UNRELEASED; urgency=medium
+dogtag-pki (10.2.6+git20160317-1) unstable; urgency=medium
* update to current 10_2_6_BRANCH.
- refresh patches
@@ -12,7 +12,7 @@ dogtag-pki (10.2.6+git20160317-1) UNRELEASED; urgency=medium
* pki-server: Remove default.cfg, logs on purge. (Closes: #814636)
* pki-base: Remove pki.conf on purge. (Closes: #804312)
- -- Timo Aaltonen <tjaalton at debian.org> Tue, 29 Mar 2016 01:37:37 +0300
+ -- Timo Aaltonen <tjaalton at debian.org> Tue, 05 Apr 2016 19:37:03 +0300
dogtag-pki (10.2.6-3) unstable; urgency=medium
commit 6487fabbaab19e6514fc73fabf2326e1b83889e1
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Apr 5 19:35:42 2016 +0300
pki-server: remove /etc/pki/default.cfg on purge
diff --git a/debian/changelog b/debian/changelog
index a8a7ac3..15f58f1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,7 +9,7 @@ dogtag-pki (10.2.6+git20160317-1) UNRELEASED; urgency=medium
* use-root-homedir.diff: Force home_dir to be /root, so that ipa works
right.
* control: Add conflicts on strongswan-pki.
- * pki-server: Remove logs on purge. (Closes: #814636)
+ * pki-server: Remove default.cfg, logs on purge. (Closes: #814636)
* pki-base: Remove pki.conf on purge. (Closes: #804312)
-- Timo Aaltonen <tjaalton at debian.org> Tue, 29 Mar 2016 01:37:37 +0300
diff --git a/debian/pki-server.postrm b/debian/pki-server.postrm
index 6e46024..48e1102 100644
--- a/debian/pki-server.postrm
+++ b/debian/pki-server.postrm
@@ -3,7 +3,8 @@ set -e
if [ "$1" = purge ]; then
- rm -rf /var/log/pki/pki-server*.log
+ rm -f /etc/pki/default.cfg
+ rm -f /var/log/pki/pki-server*.log
rm -rf /var/log/pki/server
fi
commit 034eaa05284f38ae8b36d0c169bcaafe3e9afbb7
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Apr 5 19:19:18 2016 +0300
pki-base: Remove pki.conf on purge. (Closes: #804312)
diff --git a/debian/changelog b/debian/changelog
index 401094a..a8a7ac3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,7 @@ dogtag-pki (10.2.6+git20160317-1) UNRELEASED; urgency=medium
right.
* control: Add conflicts on strongswan-pki.
* pki-server: Remove logs on purge. (Closes: #814636)
+ * pki-base: Remove pki.conf on purge. (Closes: #804312)
-- Timo Aaltonen <tjaalton at debian.org> Tue, 29 Mar 2016 01:37:37 +0300
diff --git a/debian/pki-base.postrm b/debian/pki-base.postrm
index 44a2894..26aebfa 100644
--- a/debian/pki-base.postrm
+++ b/debian/pki-base.postrm
@@ -2,6 +2,7 @@
set -e
if [ "$1" = purge ]; then
+ rm -f /etc/pki/pki.conf
rm -f /etc/pki/pki.version
rm -f /var/log/pki/pki-upgrade-*.log
fi
commit c95b53792bc97900a974352a505ad1e2f7de99d9
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Apr 5 17:33:30 2016 +0300
pki-server: Remove logs on purge. (Closes: #814636)
diff --git a/debian/changelog b/debian/changelog
index 4b5e7fa..401094a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ dogtag-pki (10.2.6+git20160317-1) UNRELEASED; urgency=medium
* use-root-homedir.diff: Force home_dir to be /root, so that ipa works
right.
* control: Add conflicts on strongswan-pki.
+ * pki-server: Remove logs on purge. (Closes: #814636)
-- Timo Aaltonen <tjaalton at debian.org> Tue, 29 Mar 2016 01:37:37 +0300
diff --git a/debian/pki-server.postrm b/debian/pki-server.postrm
new file mode 100644
index 0000000..6e46024
--- /dev/null
+++ b/debian/pki-server.postrm
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+
+if [ "$1" = purge ]; then
+ rm -rf /var/log/pki/pki-server*.log
+ rm -rf /var/log/pki/server
+fi
+
+#DEBHELPER#
commit 5deb2c40c874c60d80dc6fccd81451f11bb46108
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Apr 5 17:29:45 2016 +0300
add use-root-homedir.diff
diff --git a/debian/patches/use-root-homedir.diff b/debian/patches/use-root-homedir.diff
new file mode 100644
index 0000000..1084fee
--- /dev/null
+++ b/debian/patches/use-root-homedir.diff
@@ -0,0 +1,11 @@
+--- a/base/server/python/pki/server/deployment/pkiparser.py
++++ b/base/server/python/pki/server/deployment/pkiparser.py
+@@ -197,7 +197,7 @@ class PKIConfigParser:
+ 'pki_root_prefix': config.pki_root_prefix,
+ 'resteasy_lib': resteasy_lib,
+ 'jni_jar_dir': jni_jar_dir,
+- 'home_dir': os.path.expanduser("~"),
++ 'home_dir': '/root',
+ 'pki_hostname': config.pki_hostname})
+
+ # Make keys case-sensitive!
commit 10e55d4e4fc110fc3ed69df8c332e1fc0b9ed2da
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Apr 5 17:22:49 2016 +0300
control: Add conflicts on strongswan-pki.
diff --git a/debian/changelog b/debian/changelog
index b7232b3..4b5e7fa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ dogtag-pki (10.2.6+git20160317-1) UNRELEASED; urgency=medium
* use-usr-bin.diff: Updated.
* use-root-homedir.diff: Force home_dir to be /root, so that ipa works
right.
+ * control: Add conflicts on strongswan-pki.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 29 Mar 2016 01:37:37 +0300
diff --git a/debian/control b/debian/control
index 38a8f90..5fcac26 100644
--- a/debian/control
+++ b/debian/control
@@ -114,7 +114,7 @@ Depends:
${misc:Depends},
${python:Depends},
${shlibs:Depends},
-Conflicts: strongswan-starter
+Conflicts: strongswan-starter, strongswan-pki
Description: Certificate System - PKI Tools
This package contains PKI executables that can be used to help make
Certificate System into a more complete and robust PKI solution.
commit 92c7e02f47ddcbded9a22880c738aabea076d051
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Mar 29 16:05:53 2016 +0300
use-root-homedir.diff: Force home_dir to be /root, so that ipa works right.
diff --git a/debian/changelog b/debian/changelog
index f97653f..b7232b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ dogtag-pki (10.2.6+git20160317-1) UNRELEASED; urgency=medium
- tomcat7-build-fix.diff: Dropped, upstream.
* rules: Mark systemd units disabled by default.
* use-usr-bin.diff: Updated.
+ * use-root-homedir.diff: Force home_dir to be /root, so that ipa works
+ right.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 29 Mar 2016 01:37:37 +0300
diff --git a/debian/patches/series b/debian/patches/series
index e8c5f93..1468f55 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ fix-junit-jar.diff
dont-install-deleted-files.diff
use-dot-instead-of-source.diff
use-usr-bin.diff
+use-root-homedir.diff
commit 81282ecac06b25397ad16714aa73412ed0d4ac9e
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Mar 29 15:43:16 2016 +0300
use-usr-bin.diff: Updated.
diff --git a/debian/changelog b/debian/changelog
index 97394f7..f97653f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ dogtag-pki (10.2.6+git20160317-1) UNRELEASED; urgency=medium
- add pki-user-membership.1 to pki-tools
- tomcat7-build-fix.diff: Dropped, upstream.
* rules: Mark systemd units disabled by default.
+ * use-usr-bin.diff: Updated.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 29 Mar 2016 01:37:37 +0300
diff --git a/debian/patches/use-usr-bin.diff b/debian/patches/use-usr-bin.diff
index 955e430..1d7996a 100644
--- a/debian/patches/use-usr-bin.diff
+++ b/debian/patches/use-usr-bin.diff
@@ -49,6 +49,24 @@
"pkcs12",
"-clcerts", // certificate only
"-nokeys",
+@@ -241,7 +241,7 @@ public class ClientCertShowCLI extends C
+ String privateKeyPath) throws Exception {
+
+ String[] command = {
+- "/bin/openssl",
++ "/usr/bin/openssl",
+ "pkcs12",
+ "-nocerts", // private key only
+ "-nodes", // no encryption
+@@ -264,7 +264,7 @@ public class ClientCertShowCLI extends C
+ String clientCertPath) throws Exception {
+
+ String[] command = {
+- "/bin/openssl",
++ "/usr/bin/openssl",
+ "pkcs12",
+ "-clcerts", // client certificate and private key
+ "-nodes", // no encryption
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -3010,7 +3010,7 @@ class KRAConnector:
commit 9a930f57af6992b73499b09ae120b3279bb73b66
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Mar 29 02:02:28 2016 +0300
update to current 10_2_6 branch, fix stuff
diff --git a/debian/changelog b/debian/changelog
index b16950a..97394f7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,9 @@
-dogtag-pki (10.2.6-4) UNRELEASED; urgency=medium
+dogtag-pki (10.2.6+git20160317-1) UNRELEASED; urgency=medium
+ * update to current 10_2_6_BRANCH.
+ - refresh patches
+ - add pki-user-membership.1 to pki-tools
+ - tomcat7-build-fix.diff: Dropped, upstream.
* rules: Mark systemd units disabled by default.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 29 Mar 2016 01:37:37 +0300
diff --git a/debian/patches/debian-support.diff b/debian/patches/debian-support.diff
index 2b0bdc8..141a692 100644
--- a/debian/patches/debian-support.diff
+++ b/debian/patches/debian-support.diff
@@ -7,7 +7,7 @@ Description: changes for Debian
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
-@@ -150,7 +150,7 @@ pki_source_subsystem_path=/usr/share/pki
+@@ -152,7 +152,7 @@ pki_source_subsystem_path=/usr/share/pki
pki_path=%(pki_root_prefix)s/var/lib/pki
pki_log_path=%(pki_root_prefix)s/var/log/pki
pki_configuration_path=%(pki_root_prefix)s/etc/pki
@@ -16,7 +16,7 @@ Description: changes for Debian
pki_instance_path=%(pki_path)s/%(pki_instance_name)s
pki_instance_log_path=%(pki_log_path)s/%(pki_instance_name)s
pki_instance_configuration_path=%(pki_configuration_path)s/%(pki_instance_name)s
-@@ -330,7 +330,7 @@ pki_resteasy_jaxrs_jar=%(resteasy_lib)s/
+@@ -333,7 +333,7 @@ pki_resteasy_jaxrs_jar=%(resteasy_lib)s/
pki_resteasy_jackson_provider_jar=%(resteasy_lib)s/resteasy-jackson-provider.jar
# nuxwdog
@@ -38,14 +38,14 @@ Description: changes for Debian
.PP
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
-@@ -29,7 +29,7 @@ import subprocess
- import pki
+@@ -36,7 +36,7 @@ import pki
+ import pki.nssdb
INSTANCE_BASE_DIR = '/var/lib/pki'
-REGISTRY_DIR = '/etc/sysconfig/pki'
+REGISTRY_DIR = '/etc/dogtag'
SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps']
-
+ SUBSYSTEM_CLASSES = {}
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -58,7 +58,7 @@ Description: changes for Debian
self.mdict['pki_instance_name']
self.mdict['pki_target_tomcat_conf'] = \
os.path.join(
-@@ -1044,10 +1044,10 @@ class PKIConfigParser:
+@@ -1048,10 +1048,10 @@ class PKIConfigParser:
if config.pki_architecture == 64:
self.mdict['NUXWDOG_JNI_PATH_SLOT'] = (
@@ -71,7 +71,7 @@ Description: changes for Debian
# tps parameters
self.mdict['TOKENDB_HOST_SLOT'] = \
-@@ -1313,7 +1313,7 @@ class PKIConfigParser:
+@@ -1317,7 +1317,7 @@ class PKIConfigParser:
instance_root = os.path.join('/var/lib/pki', instance_name)
if not os.path.exists(instance_root):
return data
@@ -276,7 +276,7 @@ Description: changes for Debian
match = re.search("^JAVA_OPTS=\"(.*)\"", line)
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
-@@ -3528,8 +3528,7 @@ class Systemd(object):
+@@ -3495,8 +3495,7 @@ class Systemd(object):
"""
try:
if pki.system.SYSTEM_TYPE == "debian":
@@ -286,7 +286,7 @@ Description: changes for Debian
else:
command = ["systemctl", "disable", "pki-tomcatd.target"]
-@@ -3578,8 +3577,7 @@ class Systemd(object):
+@@ -3545,8 +3544,7 @@ class Systemd(object):
"""
try:
if pki.system.SYSTEM_TYPE == "debian":
diff --git a/debian/patches/series b/debian/patches/series
index 9a08a21..e8c5f93 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,6 +7,5 @@ fix-symkey-path.diff
fix-format-security-warnings.patch
fix-junit-jar.diff
dont-install-deleted-files.diff
-tomcat7-build-fix.diff
use-dot-instead-of-source.diff
use-usr-bin.diff
diff --git a/debian/patches/tomcat7-build-fix.diff b/debian/patches/tomcat7-build-fix.diff
deleted file mode 100644
index 18960e5..0000000
--- a/debian/patches/tomcat7-build-fix.diff
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
-index 094c056..a01bb7c 100644
---- a/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
-+++ b/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
-@@ -136,4 +136,10 @@ public class ProxyRealm implements Realm {
- public void removePropertyChangeListener(PropertyChangeListener listener) {
- realm.removePropertyChangeListener(listener);
- }
-+
-+ @Override
-+ public Principal authenticate(String username) {
-+ return realm.authenticate(username);
-+ }
-+
- }
diff --git a/debian/patches/use-usr-bin.diff b/debian/patches/use-usr-bin.diff
index fc670eb..955e430 100644
--- a/debian/patches/use-usr-bin.diff
+++ b/debian/patches/use-usr-bin.diff
@@ -31,7 +31,7 @@
"-i", pkcs12Path,
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertShowCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertShowCLI.java
-@@ -202,7 +202,7 @@ public class ClientCertShowCLI extends C
+@@ -196,7 +196,7 @@ public class ClientCertShowCLI extends C
String nickname) throws Exception {
String[] command = {
@@ -40,18 +40,18 @@
"-d", dbPath,
"-K", dbPassword,
"-o", pkcs12Path,
-@@ -224,7 +224,7 @@ public class ClientCertShowCLI extends C
- String clientCertPath) throws Exception {
+@@ -218,7 +218,7 @@ public class ClientCertShowCLI extends C
+ String certPath) throws Exception {
String[] command = {
- "/bin/openssl",
+ "/usr/bin/openssl",
"pkcs12",
- "-clcerts", // client certificate only
- "-nodes", // no encryption
+ "-clcerts", // certificate only
+ "-nokeys",
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
-@@ -3043,7 +3043,7 @@ class KRAConnector:
+@@ -3010,7 +3010,7 @@ class KRAConnector:
def execute_using_pki(
self, caport, cahost, subsystemnick,
token_pwd, krahost, kraport, critical_failure=False):
@@ -60,7 +60,7 @@
"-p", str(caport),
"-h", cahost,
"-n", subsystemnick,
-@@ -3193,7 +3193,7 @@ class TPSConnector:
+@@ -3160,7 +3160,7 @@ class TPSConnector:
def execute_using_pki(
self, tkshost, tksport, subsystemnick,
token_pwd, tpshost, tpsport, critical_failure=False):
diff --git a/debian/pki-tools.install b/debian/pki-tools.install
index aa794eb..0d8b2a8 100644
--- a/debian/pki-tools.install
+++ b/debian/pki-tools.install
@@ -36,6 +36,7 @@ usr/share/man/man1/pki-securitydomain.1
usr/share/man/man1/pki-tps-profile.1
usr/share/man/man1/pki-user.1
usr/share/man/man1/pki-user-cert.1
+usr/share/man/man1/pki-user-membership.1
usr/share/man/man1/pki.1
usr/share/pki/java-tools/
usr/share/pki/native-tools/
commit 158d467e0f7803544465612ea359714dddc70573
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Mar 29 01:37:51 2016 +0300
rules: Mark systemd units disabled by default.
diff --git a/debian/changelog b/debian/changelog
index 6ca2b91..b16950a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dogtag-pki (10.2.6-4) UNRELEASED; urgency=medium
+
+ * rules: Mark systemd units disabled by default.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Tue, 29 Mar 2016 01:37:37 +0300
+
dogtag-pki (10.2.6-3) unstable; urgency=medium
* pki-base.postrm: Remove upgrade logs on purge. (Closes: #801139)
diff --git a/debian/rules b/debian/rules
index 70102c8..ba02480 100755
--- a/debian/rules
+++ b/debian/rules
@@ -119,6 +119,10 @@ override_dh_auto_install:
override_dh_installinit:
dh_installinit -ppki-server --name=pki-tomcatd --error-handler=invoke_failure
+override_dh_systemd_enable:
+ dh_systemd_enable -ppki-server --no-enable pki-tomcatd at .service
+ dh_systemd_enable -ppki-server --no-enable pki-tomcatd-nuxwdog at .service
+
override_dh_install:
# we don't use these
rm -rf $(CURDIR)/debian/tmp/etc/rc.d
commit e8daf1a7476682ad19bd736d81a5142a78560663
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Thu Mar 17 15:37:51 2016 -0600
Inserted Fedora 22 specific dependencies into 'pki-core.spec' (Dogtag 10.2.6)
to be in sync with Fedora 22 in Koji.
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 51416f9..565b4b5 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -122,9 +122,13 @@ BuildRequires: tomcatjss >= 7.1.0-6
%if 0%{?fedora} >= 23
BuildRequires: tomcatjss >= 7.1.3
%else
+%if 0%{?fedora} == 22
+BuildRequires: tomcatjss >= 7.1.2-2
+%else
BuildRequires: tomcatjss >= 7.1.2
%endif
%endif
+%endif
# additional build requirements needed to build native 'tpsclient'
@@ -406,7 +410,9 @@ Requires: jpackage-utils >= 0:1.7.5-10
%if 0%{?fedora} >= 23
Requires: tomcat-servlet-3.1-api >= 8.0.32
%else
-%if 0%{?fedora} >= 22
+%if 0%{?fedora} == 22
+Requires: tomcat-servlet-3.0-api >= 7.0.68
+%else
Requires: tomcat-servlet-3.0-api
%endif
%endif
@@ -471,12 +477,19 @@ Requires: tomcat-el-3.0-api >= 8.0.32
Requires: tomcat-jsp-2.3-api >= 8.0.32
Requires: tomcat-servlet-3.1-api >= 8.0.32
%else
+%if 0%{?fedora} == 22
+Requires: tomcat >= 7.0.68
+Requires: tomcat-el-2.2-api >= 7.0.68
+Requires: tomcat-jsp-2.2-api >= 7.0.68
+Requires: tomcat-servlet-3.0-api >= 7.0.68
+%else
Requires: tomcat >= 7.0.47
Requires: tomcat-el-2.2-api
Requires: tomcat-jsp-2.2-api
Requires: tomcat-servlet-3.0-api
%endif
%endif
+%endif
Requires: velocity
Requires(post): systemd-units
@@ -490,9 +503,13 @@ Requires: tomcatjss >= 7.1.0-6
%if 0%{?fedora} >= 23
Requires: tomcatjss >= 7.1.3
%else
+%if 0%{?fedora} == 22
+Requires: tomcatjss >= 7.1.2-2
+%else
Requires: tomcatjss >= 7.1.2
%endif
%endif
+%endif
%description -n pki-server
The PKI Server Framework is required by the following four PKI subsystems:
commit d388b08bc354e456e0571dcfae6ecd67e097ec26
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Thu Mar 17 15:26:14 2016 -0600
Changed 'pki-core.spec' (Dogtag 10.2.6) to be in sync with Fedora 23 in Koji.
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 61a01e2..51416f9 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -9,7 +9,6 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%define with_tomcat7 0
%define with_tomcat8 1
%else
-# 0%{?rhel} || 0%{?fedora} <= 22
%define with_tomcat7 1
%define with_tomcat8 0
%endif
@@ -18,7 +17,6 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%if 0%{?rhel}
%define resteasy_lib /usr/share/java/resteasy-base
%else
-# 0%{?fedora}
%define resteasy_lib /usr/share/java/resteasy
%endif
@@ -40,7 +38,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: pki-core
Version: 10.2.6
-Release: 13%{?dist}
+Release: 16%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
License: GPLv2
@@ -202,6 +200,18 @@ Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{version}/%{
#Patch39: pki-core-Replaced-legacy-HttpClient.patch
## pki-core-10.2.6-12
#Patch40: pki-core-Added-automatic-Tomcat-migration.patch
+## pki-core-10.2.6-13
+#Patch41: pki-core-sslget-must-set-host-HTTP-header.patch
+## pki-core-10.2.6-14
+#Patch42: pki-core-Profile-creation-LDAPProfileSubsystem-can-fail-due-to-race-condition.patch
+#Patch43: pki-core-Block-startup-until-initial-profile-load-completed.patch
+## pki-core-10.2.6-15
+#Patch44: pki-core-Added-support-for-existing-CA-case-CS9.patch
+#Patch45: pki-core-Fixed-mismatching-certificate-validity-calculation.patch
+#Patch46: pki-core-Fix-to-determine-supported-javadoc-options.patch
+## pki-core-10.2.6-16
+#Patch47: pki-core-Modify-dnsdomainname-test-in-pkispawn.patch
+#Patch48: pki-core-Build-with-Tomcat-8.0.32.patch
%global saveFileContext() \
if [ -s /etc/selinux/config ]; then \
@@ -394,7 +404,7 @@ Requires: java-headless >= 1:1.7.0
Requires: pki-base = %{version}-%{release}
Requires: jpackage-utils >= 0:1.7.5-10
%if 0%{?fedora} >= 23
-Requires: tomcat-servlet-3.1-api
+Requires: tomcat-servlet-3.1-api >= 8.0.32
%else
%if 0%{?fedora} >= 22
Requires: tomcat-servlet-3.0-api
@@ -455,12 +465,13 @@ Obsoletes: pki-selinux
%if 0%{?rhel}
Requires: tomcat >= 7.0.54
%else
-Requires: tomcat >= 7.0.47
%if 0%{?fedora} >= 23
-Requires: tomcat-el-3.0-api
-Requires: tomcat-jsp-2.3-api
-Requires: tomcat-servlet-3.1-api
+Requires: tomcat >= 8.0.32
+Requires: tomcat-el-3.0-api >= 8.0.32
+Requires: tomcat-jsp-2.3-api >= 8.0.32
+Requires: tomcat-servlet-3.1-api >= 8.0.32
%else
+Requires: tomcat >= 7.0.47
Requires: tomcat-el-2.2-api
Requires: tomcat-jsp-2.2-api
Requires: tomcat-servlet-3.0-api
@@ -745,6 +756,14 @@ This package is a part of the PKI Core used by the Certificate System.
#%patch38 -p1
#%patch39 -p1
#%patch40 -p1
+#%patch41 -p1
+#%patch42 -p1
+#%patch43 -p1
+#%patch44 -p1
+#%patch45 -p1
+#%patch46 -p1
+#%patch47 -p1
+#%patch48 -p1
%clean
%{__rm} -rf %{buildroot}
@@ -1098,12 +1117,33 @@ systemctl daemon-reload
%endif # %{with server}
%changelog
-* Thu Feb 4 2016 Dogtag Team <pki-devel at redhat.com> 10.2.6-13
+* Mon Mar 14 2016 Dogtag Team <pki-devel at redhat.com> 10.2.6-16
+- Modify dnsdomainname test in pkispawn
+- PKI TRAC Ticket #2222 - Add missing tomcat-api.jar to javac classpath
+- Updated tomcat dependencies to >= 8.0.32 on F23 and later
+
+* Tue Feb 23 2016 Dogtag Team <pki-devel at redhat.com> 10.2.6-15
- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps
- should be removed
+ should be removed [mharmsen]
+- PKI TRAC Ticket #456 - The user have a chance to import own CA certificate
+ with private key [edewata]
+- PKI TRAC Ticket #1681 - pkispawn: External CA option: allow shutdown and
+ restart between phase 1 and 2 [edewata]
+- PKI TRAC Ticket #1682 - Mismatching certificate validity calculation
+ [edewata]
+- PKI TRAC Ticket #2040 - Determine supported javadoc options [mharmsen]
+
+* Thu Jan 21 2016 Dogtag Team <pki-devel at redhat.com> 10.2.6-14
+- PKI TRAC Ticket #1700 - Profile creation (LDAPProfileSubsystem) can fail
+ due to race condition [ftweedal]
+- PKI TRAC Ticket #1702 - getStatus reports ready before LDAPProfileSubsystem
+ has loaded all profiles [ftweedal]
+
+* Tue Dec 15 2015 Dogtag Team <pki-devel at redhat.com> 10.2.6-13
+- PKI TRAC Ticket #1704 - sslget must set host HTTP header [cheimes]
* Fri Oct 30 2015 Dogtag Team <pki-devel at redhat.com> 10.2.6-12
-- PKI TRAC Ticket #1310 - Auto migration to Tomcat 8
+- PKI TRAC Ticket #1310 - Auto migration to Tomcat 8 [edewata]
* Fri Oct 23 2015 Dogtag Team <pki-devel at redhat.com> 10.2.6-11
- PKI TRAC Ticket #1120 - Removed unused WizardServlet [edewata]
commit 7638c5af03e50c4a59a2f7a2c96483bfae27045c
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Tue Mar 15 17:43:10 2016 -0600
Build using tomcat 7.0.68 on F22
diff --git a/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
index 094c056..c5e845b 100644
--- a/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
+++ b/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
@@ -60,6 +60,11 @@ public class ProxyRealm implements Realm {
}
@Override
+ public Principal authenticate(String username) {
+ return realm.authenticate(username);
+ }
+
+ @Override
public Principal authenticate(String username, String password) {
return realm.authenticate(username, password);
}
commit a7055d92466463d444da83db94c7b775a33e6aa0
Author: Christian Heimes <cheimes at redhat.com>
Date: Thu Feb 25 12:33:34 2016 +0100
pki-tomcat8 needs tomcat-api.jar to compile
Tomcat 8.0.32 has moved org.apache.tomcat.ContextBind into
tomcat-api.jar. Add tomcat-api.jar to javac classpath to compile pki
with latest Tomcat.
https://fedorahosted.org/pki/attachment/ticket/2222
(cherry picked from commit 263dc2152640a95c8ca9b2829e74cce3a877f077)
diff --git a/base/server/tomcat8/src/CMakeLists.txt b/base/server/tomcat8/src/CMakeLists.txt
index a2badac..74d789b 100644
--- a/base/server/tomcat8/src/CMakeLists.txt
+++ b/base/server/tomcat8/src/CMakeLists.txt
@@ -44,6 +44,13 @@ find_file(TOMCAT_CATALINA_JAR
/usr/share/java/tomcat
)
+find_file(TOMCAT_API_JAR
+ NAMES
+ tomcat-api.jar
+ PATHS
+ /usr/share/java/tomcat
+)
+
find_file(TOMCAT_UTIL_SCAN_JAR
NAMES
tomcat-util-scan.jar
@@ -123,7 +130,8 @@ javac(pki-tomcat8-classes
SOURCES
com/netscape/cms/tomcat/*.java
CLASSPATH
- ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_SCAN_JAR}
+ ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_SCAN_JAR} ${TOMCAT_API_JAR}
+ ${CMAKE_BINARY_DIR}/../../tomcat
OUTPUT_DIR
${CMAKE_BINARY_DIR}/../../tomcat
)
commit 795465f8620a0a10092435dce46e4cff93dbc20a
Author: Ade Lee <alee at redhat.com>
Date: Mon Mar 14 16:52:48 2016 -0400
Modify dnsdomainname test in pkispawn
We do a check for the dnsdomainname, which fails in Openstack
CI because this is not set. Instead of exiting, default to
the hostname.
diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
index cc91021..c68a40d 100644
--- a/base/server/python/pki/server/deployment/pkimessages.py
+++ b/base/server/python/pki/server/deployment/pkimessages.py
@@ -70,7 +70,7 @@ PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 = \
PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 = \
"Directory '%s' is either missing or is NOT a directory!"
PKI_DNS_DOMAIN_NOT_SET = \
- "A valid DNS domain name MUST be established to use PKI services!"
+ "DNS domain name has not been set - using the hostname instead."
PKI_FILE_ALREADY_EXISTS_1 = "File '%s' already exists!"
PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 = \
"File '%s' already exists BUT it is NOT a file!"
diff --git a/base/server/sbin/pkidestroy b/base/server/sbin/pkidestroy
index abc11dc..459b755 100755
--- a/base/server/sbin/pkidestroy
+++ b/base/server/sbin/pkidestroy
@@ -91,7 +91,7 @@ def main(argv):
config.pki_dns_domainname = str(dnsdomainname).rstrip('\n')
if not len(config.pki_dns_domainname):
print log.PKI_DNS_DOMAIN_NOT_SET
- sys.exit(1)
+ config.pki_dns_domainname = config.pki_hostname
except subprocess.CalledProcessError as exc:
print log.PKI_SUBPROCESS_ERROR_1 % exc
sys.exit(1)
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index 7ab11a5..f362b9e 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -92,7 +92,7 @@ def main(argv):
config.pki_dns_domainname = str(dnsdomainname).rstrip('\n')
if not len(config.pki_dns_domainname):
print log.PKI_DNS_DOMAIN_NOT_SET
- sys.exit(1)
+ config.pki_dns_domainname = config.pki_hostname
except subprocess.CalledProcessError as exc:
print log.PKI_SUBPROCESS_ERROR_1 % exc
sys.exit(1)
commit 7f2e9f9d2619bf1b57642abc23d84a745617c499
Author: Endi S. Dewata <edewata at redhat.com>
Date: Tue Feb 2 03:32:50 2016 +0100
Fixed KRA installation.
Due to a recent change the KRA installation failed because the
installer was trying to read the pki_external_csr_path parameter
which is not available for KRA installation. The installer has
been fixed to read the parameter in external CA case only.
https://fedorahosted.org/pki/ticket/456
(cherry picked from commit d42f39334ce4b4f5fa89707bfb6145039ff04579)
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 07a5ce4..e859139 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -492,7 +492,6 @@ class ConfigurationFile:
self.external = config.str2bool(self.mdict['pki_external'])
self.external_step_one = not config.str2bool(self.mdict['pki_external_step_two'])
self.external_step_two = not self.external_step_one
- self.external_csr_path = self.mdict['pki_external_csr_path']
if self.external:
# generic extension support in CSR - for external CA
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index 54f1c6e..e7b257f 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -96,7 +96,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
external = deployer.configuration_file.external
step_one = deployer.configuration_file.external_step_one
More information about the Pkg-freeipa-devel
mailing list