diff options
author | Endi S. Dewata <edewata@redhat.com> | 2014-08-11 10:53:44 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-08-11 10:53:44 -0400 |
commit | 5fdca53a8d70b621481100998ef863f8eabce2f9 (patch) | |
tree | caeaba57698e2043c2ec6579da6774c36cca1ec2 | |
parent | 6d00227616d902a5ba233a74791aa1be9632cd26 (diff) | |
download | pki-dev-5fdca53a8d70b621481100998ef863f8eabce2f9.tar.gz pki-dev-5fdca53a8d70b621481100998ef863f8eabce2f9.tar.xz pki-dev-5fdca53a8d70b621481100998ef863f8eabce2f9.zip |
Updated cleanup script.
-rw-r--r-- | scripts/ca-clone.cfg | 231 | ||||
-rwxr-xr-x | scripts/ca-debug.sh | 8 | ||||
-rw-r--r-- | scripts/ca.cfg | 4 | ||||
-rwxr-xr-x | scripts/caclone-create.sh | 2 | ||||
-rwxr-xr-x | scripts/caclone-remove.sh | 13 | ||||
-rwxr-xr-x | scripts/core-build.sh | 4 | ||||
-rwxr-xr-x | scripts/firefox-certs-remove.sh | 9 | ||||
-rwxr-xr-x | scripts/kra-java-test.sh | 11 | ||||
-rwxr-xr-x | scripts/kra-python-test.sh | 30 | ||||
-rwxr-xr-x | scripts/kra-remove.sh | 6 | ||||
-rwxr-xr-x | scripts/newtps-create.sh | 3 | ||||
-rwxr-xr-x | scripts/newtps-remove.sh | 5 | ||||
-rwxr-xr-x | scripts/ocsp-remove.sh | 3 | ||||
-rwxr-xr-x | scripts/pki-nuke.sh (renamed from scripts/nuke.sh) | 2 | ||||
-rwxr-xr-x | scripts/ra-build.sh | 20 | ||||
-rwxr-xr-x | scripts/theme-build.sh | 20 | ||||
-rwxr-xr-x | scripts/tks-create-shared.sh | 5 | ||||
-rwxr-xr-x | scripts/tks-remove.sh | 3 | ||||
-rwxr-xr-x | scripts/tks-start.sh | 3 | ||||
-rwxr-xr-x | scripts/tomcat-debug.sh | 7 | ||||
-rwxr-xr-x | scripts/tps-create.sh | 14 | ||||
-rwxr-xr-x | scripts/tps-remove.sh | 9 | ||||
-rw-r--r-- | scripts/tps.cfg | 2 |
23 files changed, 77 insertions, 337 deletions
diff --git a/scripts/ca-clone.cfg b/scripts/ca-clone.cfg deleted file mode 100644 index 8c7697e..0000000 --- a/scripts/ca-clone.cfg +++ /dev/null @@ -1,231 +0,0 @@ -############################################################################### -## 'Sensitive' Data: ## -## ## -## Values in this section pertain to various PKI subsystems, and contain ## -## required 'sensitive' information which MUST ALWAYS be provided by users. ## -## ## -## IMPORTANT: Sensitive data values must NEVER be displayed to the ## -## console NOR stored in log files!!! ## -############################################################################### -[Sensitive] -pki_admin_password=Secret123 -pki_backup_password=Secret123 -pki_client_database_password=Secret123 -pki_client_pkcs12_password=Secret123 -pki_clone_pkcs12_password=Secret123 -pki_ds_password=Secret123 -pki_security_domain_password=Secret123 -pki_token_password=Secret123 -############################################################################### -## 'Common' Data: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] -pki_admin_cert_request_type=crmf -pki_admin_domain_name= -pki_admin_dualkey=False -pki_admin_email=caadmin@example.com -pki_admin_keysize=2048 -pki_admin_name=caadmin -pki_admin_nickname=caadmin -pki_admin_subject_dn= -pki_admin_uid=caadmin -pki_audit_group=pkiaudit -pki_audit_signing_key_algorithm=SHA256withRSA -pki_audit_signing_key_size=2048 -pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= -pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= -pki_backup_keys=False -pki_client_database_dir= -pki_client_database_purge=False -pki_client_dir= -pki_ds_base_dn=dc=ca-clone,dc=example,dc=com -pki_ds_bind_dn=cn=Directory Manager -pki_ds_database= -pki_ds_hostname= -pki_ds_ldap_port=389 -pki_ds_ldaps_port=636 -pki_ds_remove_data=True -pki_ds_secure_connection=False -pki_group=pkiuser -pki_restart_configured_instance=True -pki_security_domain_hostname= -pki_security_domain_https_port=8443 -pki_security_domain_name=EXAMPLE -pki_security_domain_user=caadmin -pki_ssl_server_key_algorithm=SHA256withRSA -pki_ssl_server_key_size=2048 -pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= -pki_subsystem_key_algorithm=SHA256withRSA -pki_subsystem_key_size=2048 -pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= -pki_token_name=internal -pki_user=pkiuser -############################################################################### -## 'Apache' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 -############################################################################### -## 'Tomcat' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## -## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[Tomcat] -pki_ajp_port=9009 -pki_clone=False -pki_clone_pkcs12_path= -pki_clone_replication_security=None -pki_clone_uri= -pki_enable_java_debugger=False -pki_enable_proxy=False -pki_http_port=9080 -pki_https_port=9443 -pki_instance_name=ca-clone -pki_proxy_http_port=80 -pki_proxy_https_port=443 -pki_security_manager=false -pki_tomcat_server_port=9005 -############################################################################### -## 'CA' Data: ## -## ## -## Values in this section are common to CA subsystems including 'PKI CAs', ## -## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## EXTERNAL CAs: To specify an 'External CA', change the value ## -## of 'pki_external' from 'False' to 'True'. ## -## ## -## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## -## of 'pki_subordinate' from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[CA] -pki_ca_signing_key_algorithm=SHA256withRSA -pki_ca_signing_key_size=2048 -pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= -pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= -pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= -pki_external_step_two=False -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= -pki_war_file=ca.war -############################################################################### -## 'KRA' Data: ## -## ## -## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[KRA] -pki_storage_key_algorithm=SHA256withRSA -pki_storage_key_size=2048 -pki_storage_key_type=rsa -pki_storage_nickname= -pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= -pki_transport_key_algorithm=SHA256withRSA -pki_transport_key_size=2048 -pki_transport_key_type=rsa -pki_transport_nickname= -pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= -pki_war_file=kra.war -############################################################################### -## 'OCSP' Data: ## -## ## -## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[OCSP] -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= -pki_war_file=ocsp.war -############################################################################### -## 'RA' Data: ## -## ## -## Values in this section are common to PKI RA subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[RA] -pki_subsystem=RA -pki_subsystem_name= -############################################################################### -## 'TKS' Data: ## -## ## -## Values in this section are common to TKS subsystems ## -## including 'PKI TKSs' and 'Cloned TKSs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TKS] -pki_subsystem=TKS -pki_subsystem_name= -pki_war_file=tks.war -############################################################################### -## 'TPS' Data: ## -## ## -## Values in this section are common to PKI TPS subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TPS] -pki_subsystem=TPS -pki_subsystem_name= diff --git a/scripts/ca-debug.sh b/scripts/ca-debug.sh deleted file mode 100755 index fc8c67f..0000000 --- a/scripts/ca-debug.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -x - -INSTANCE_NAME=pki-tomcat -FILE=/etc/sysconfig/pki-tomcat - -# semanage port -a -t http_port_t -p tcp 8000 -sed 's/^#\(JAVA_OPTS="-Xdebug.*\)$/\1/' < $FILE > $FILE.tmp -mv $FILE.tmp $FILE diff --git a/scripts/ca.cfg b/scripts/ca.cfg index c926eba..49a0c7a 100644 --- a/scripts/ca.cfg +++ b/scripts/ca.cfg @@ -4,13 +4,15 @@ pki_admin_name=caadmin pki_admin_nickname=caadmin pki_admin_password=Secret123 pki_admin_uid=caadmin +pki_backup_keys=True pki_backup_password=Secret123 pki_client_database_password=Secret123 pki_client_database_purge=False pki_client_pkcs12_password=Secret123 -pki_clone_pkcs12_password=Secret123 pki_ds_base_dn=dc=ca,dc=example,dc=com pki_ds_database=ca pki_ds_password=Secret123 pki_security_domain_name=EXAMPLE pki_token_password=Secret123 +#pki_skip_configuration=True + diff --git a/scripts/caclone-create.sh b/scripts/caclone-create.sh index 7a3bf12..1499442 100755 --- a/scripts/caclone-create.sh +++ b/scripts/caclone-create.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -pkispawn -f ca-clone.cfg -s CA -v +pkispawn -f caclone.cfg -s CA 2>&1 | tee build/ca-create.log diff --git a/scripts/caclone-remove.sh b/scripts/caclone-remove.sh index cedd353..2f5640b 100755 --- a/scripts/caclone-remove.sh +++ b/scripts/caclone-remove.sh @@ -1,13 +1,6 @@ -#!/bin/sh -x +#!/bin/sh SRC_DIR=`cd ../.. ; pwd` -INSTANCE_NAME=pki-clone +INSTANCE_NAME=pki-tomcat -pkidestroy -s CA -i $INSTANCE_NAME - -rm -rf /etc/pki/$INSTANCE_NAME -rm -rf /etc/sysconfig/$INSTANCE_NAME -rm -rf /etc/sysconfig/pki/tomcat/$INSTANCE_NAME -rm -rf /var/lib/pki/$INSTANCE_NAME -rm -rf /var/log/pki/$INSTANCE_NAME -rm -rf $SRC_DIR/certs/$INSTANCE_NAME +pkidestroy -v -s CA -i $INSTANCE_NAME diff --git a/scripts/core-build.sh b/scripts/core-build.sh index 1302f62..393f1c0 100755 --- a/scripts/core-build.sh +++ b/scripts/core-build.sh @@ -11,8 +11,8 @@ cd $BUILD_DIR rm -rf rpmbuild mkdir -p rpmbuild -$COMPOSE --work-dir $BUILD_DIR/rpmbuild --without-javadoc hybrid_rpms 2>&1 | tee build.log -#$COMPOSE --work-dir $BUILD_DIR/rpmbuild hybrid_rpms 2>&1 | tee build.log +#$COMPOSE --work-dir $BUILD_DIR/rpmbuild --without-javadoc hybrid_rpms 2>&1 | tee build.log +$COMPOSE --work-dir $BUILD_DIR/rpmbuild hybrid_rpms 2>&1 | tee build.log rm -rf repo mkdir -p repo diff --git a/scripts/firefox-certs-remove.sh b/scripts/firefox-certs-remove.sh index 3b30874..13ca950 100755 --- a/scripts/firefox-certs-remove.sh +++ b/scripts/firefox-certs-remove.sh @@ -22,6 +22,15 @@ certutil -D -n "ocspadmin" -d . certutil -D -n "tksadmin" -d . certutil -D -n "Server-Cert cert-$CA_INSTANCE_NAME" -d . certutil -D -n "caSigningCert cert-$CA_INSTANCE_NAME CA" -d . +certutil -D -n "TPS Administrator of Instance pki-tomcat's EXAMPLE ID" -d . +certutil -D -n "CA Administrator of Instance pki-tomcat's IdmLabBosRedhat Domain ID" -d . +certutil -D -n "RA Administrator's EXAMPLE ID" -d . +certutil -D -n "Certificate Authority - IdmLabBosRedhat Domain" -d . certutil -D -n "$HOSTNAME" -d . certutil -D -n "$HOSTNAME #2" -d . certutil -D -n "$HOSTNAME #3" -d . +certutil -D -n "$HOSTNAME #4" -d . +certutil -D -n "$HOSTNAME #5" -d . +certutil -D -n "$HOSTNAME #6" -d . +certutil -D -n "$HOSTNAME #7" -d . +certutil -D -n "$HOSTNAME #8" -d . diff --git a/scripts/kra-java-test.sh b/scripts/kra-java-test.sh index 148046f..3a0e5a1 100755 --- a/scripts/kra-java-test.sh +++ b/scripts/kra-java-test.sh @@ -1,17 +1,18 @@ -#!/bin/sh -x +#!/bin/sh SRC_DIR=`cd ../.. ; pwd` -INSTANCE_NAME=kra-master -CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/kra/certs +INSTANCE_NAME=pki-tomcat +CLIENT_CERT_DIR=~/.dogtag/pki-tomcat/ca/alias CLASSPATH=$SRC_DIR/pki/build/classes CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-cli.jar CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-logging.jar CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-lang.jar +CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-io.jar CLASSPATH=$CLASSPATH:/usr/share/java/commons-codec.jar CLASSPATH=$CLASSPATH:/usr/share/java/jakarta-commons-httpclient.jar -CLASSPATH=$CLASSPATH:/usr/lib64/java/jss4.jar +CLASSPATH=$CLASSPATH:/usr/lib/java/jss4.jar CLASSPATH=$CLASSPATH:/usr/share/java/httpcomponents/httpclient.jar CLASSPATH=$CLASSPATH:/usr/share/java/httpcomponents/httpcore.jar CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/jaxrs-api.jar @@ -20,4 +21,4 @@ CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxrs.jar CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxb-provider.jar CLASSPATH=$CLASSPATH:/usr/share/java/servlet.jar -java -classpath $CLASSPATH com.netscape.cms.servlet.test.DRMTest -h localhost -p 12443 -s true -d $CLIENT_CERT_DIR -w Secret123 -c kraadmin +java -classpath $CLASSPATH com.netscape.cms.servlet.test.DRMTest -h localhost -p 8443 -s true -d $CLIENT_CERT_DIR -w Secret123 -c caadmin diff --git a/scripts/kra-python-test.sh b/scripts/kra-python-test.sh index 403ce26..ba93e8f 100755 --- a/scripts/kra-python-test.sh +++ b/scripts/kra-python-test.sh @@ -2,29 +2,27 @@ SRC_DIR=`cd ../.. ; pwd` -INSTANCE_NAME=kra-master +INSTANCE_NAME=pki-tomcat SERVER_CERT_DIR=/var/lib/pki/$INSTANCE_NAME -CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/kra/certs -CERT_NAME="transportCert cert-$INSTANCE_NAME" +CLIENT_CERT_DIR=~/.dogtag/$INSTANCE_NAME +CERT_NAME="transportCert cert-$INSTANCE_NAME KRA" -CLASSPATH=$SRC_DIR/pki/build/classes -CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-cli.jar -CLASSPATH=$CLASSPATH:/usr/lib64/java/jss4.jar -CLASSPATH=$CLASSPATH:/usr/share/java/commons-codec.jar +# export admin certificate +rm -rf /tmp/auth.pem +openssl pkcs12 -in $CLIENT_CERT_DIR/ca_admin_cert.p12 -out /tmp/auth.pem -nodes -passin pass:Secret123 -#echo Secret123 > $CLIENT_CERT_DIR/password.txt -#certutil -N -d $CLIENT_CERT_DIR -f $CLIENT_CERT_DIR/password.txt +# create client database +rm -rf /tmp/drmtest-certdb +mkdir -p /tmp/drmtest-certdb +certutil -N -d /tmp/drmtest-certdb -f $CLIENT_CERT_DIR/ca/password.conf +chmod -R +r /tmp/drmtest-certdb # export transport certificate -certutil -L -d $SERVER_CERT_DIR/alias -n "$CERT_NAME" -a > $CLIENT_CERT_DIR/transport.pem -AtoB $CLIENT_CERT_DIR/transport.pem $CLIENT_CERT_DIR/transport.crt +#certutil -L -d $SERVER_CERT_DIR/alias -n "$CERT_NAME" -a > transport.pem # import transport certificate -certutil -A -d $CLIENT_CERT_DIR -n "$CERT_NAME" -i $CLIENT_CERT_DIR/transport.pem -t u,u,u - -# generate options -java -classpath $CLASSPATH com.netscape.cms.servlet.test.GeneratePKIArchiveOptions -d $CLIENT_CERT_DIR -k $CLIENT_CERT_DIR/symkey.out -o $CLIENT_CERT_DIR/options.out -t $CLIENT_CERT_DIR/transport.crt -w Secret123 +#certutil -A -d /tmp/drmtest-certdb -n "kra transport cert" -i transport.pem -a -t "u,u,u" # run KRA test cd $SRC_DIR/pki/base/kra/functional -python drmclient.py -d $CLIENT_CERT_DIR --options=options.out --symkey=symkey.out -p 12080 -n "$CERT_NAME" +python drmtest.py diff --git a/scripts/kra-remove.sh b/scripts/kra-remove.sh index 9a9ba46..2555def 100755 --- a/scripts/kra-remove.sh +++ b/scripts/kra-remove.sh @@ -1,6 +1,8 @@ #!/bin/sh -x SRC_DIR=`cd ../.. ; pwd` -INSTANCE_NAME=kra-master +INSTANCE_NAME=pki-tomcat +#INSTANCE_NAME=kra-master -pkidestroy -v -s KRA -i $INSTANCE_NAME -u caadmin -W password +pkidestroy -v -s KRA -i $INSTANCE_NAME +#pkidestroy -v -s KRA -i $INSTANCE_NAME -u caadmin -W password diff --git a/scripts/newtps-create.sh b/scripts/newtps-create.sh deleted file mode 100755 index caa6554..0000000 --- a/scripts/newtps-create.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -x - -pkispawn -f tps.cfg -s TPS -vvv 2>&1 | tee build/tps-create.log diff --git a/scripts/newtps-remove.sh b/scripts/newtps-remove.sh deleted file mode 100755 index 67c3892..0000000 --- a/scripts/newtps-remove.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -x - -pkidestroy -v -s TPS -i pki-tomcat -#pkidestroy -v -s TPS -i ca-master -#pkidestroy -v -s TPS -i tps-master diff --git a/scripts/ocsp-remove.sh b/scripts/ocsp-remove.sh index 04403ff..5ab22b8 100755 --- a/scripts/ocsp-remove.sh +++ b/scripts/ocsp-remove.sh @@ -1,6 +1,7 @@ #!/bin/sh -x SRC_DIR=`cd ../.. ; pwd` -INSTANCE_NAME=ocsp-master +INSTANCE_NAME=pki-tomcat +#INSTANCE_NAME=ocsp-master pkidestroy -v -s OCSP -i $INSTANCE_NAME diff --git a/scripts/nuke.sh b/scripts/pki-nuke.sh index 5a12858..582154d 100755 --- a/scripts/nuke.sh +++ b/scripts/pki-nuke.sh @@ -3,7 +3,7 @@ INSTANCE_NAME=$1 if [ "$INSTANCE_NAME" == "" ]; then - echo "usage: nuke.sh <instance name>" + echo "usage: pki-nuke.sh <instance name>" exit 1 fi diff --git a/scripts/ra-build.sh b/scripts/ra-build.sh index ec096d6..b42e537 100755 --- a/scripts/ra-build.sh +++ b/scripts/ra-build.sh @@ -1,21 +1,19 @@ #!/bin/sh -x -WORK_DIR=`pwd` PROJECT_DIR=`cd ../.. ; pwd` -COMPONENT=ra -mkdir -p $WORK_DIR/build -rm -rf $WORK_DIR/build/$COMPONENT +BUILD_DIR=$HOME/build/pki-ra +COMPOSE=$PROJECT_DIR/pki/scripts/compose_pki_ra_packages -cd $PROJECT_DIR -rm -rf packages -mkdir -p packages +mkdir -p $BUILD_DIR +cd $BUILD_DIR -pki/scripts/compose_pki_${COMPONENT}_packages rpms 2>&1 | tee packages/build.log +rm -rf rpmbuild +mkdir -p rpmbuild -mv packages $WORK_DIR/build/$COMPONENT -cd $WORK_DIR/build/$COMPONENT +$COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms 2>&1 | tee build.log +rm -rf repo mkdir -p repo -mv `find RPMS -name *.rpm` repo +mv `find rpmbuild/RPMS -name *.rpm` repo createrepo repo diff --git a/scripts/theme-build.sh b/scripts/theme-build.sh index 71c4110..393d493 100755 --- a/scripts/theme-build.sh +++ b/scripts/theme-build.sh @@ -1,21 +1,19 @@ #!/bin/sh -x -WORK_DIR=`pwd` PROJECT_DIR=`cd ../.. ; pwd` -COMPONENT=theme -mkdir -p $WORK_DIR/build -rm -rf $WORK_DIR/build/$COMPONENT +BUILD_DIR=$HOME/build/pki-theme +COMPOSE=$PROJECT_DIR/pki/scripts/compose_dogtag_pki_theme_packages -cd $PROJECT_DIR -rm -rf packages -mkdir -p packages +mkdir -p $BUILD_DIR +cd $BUILD_DIR -pki/scripts/compose_dogtag_pki_${COMPONENT}_packages rpms | tee packages/build.log +rm -rf rpmbuild +mkdir -p rpmbuild -mv packages $WORK_DIR/build/$COMPONENT -cd $WORK_DIR/build/$COMPONENT +$COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms 2>&1 | tee build.log +rm -rf repo mkdir -p repo -mv `find RPMS -name *.rpm` repo +mv `find rpmbuild/RPMS -name *.rpm` repo createrepo repo diff --git a/scripts/tks-create-shared.sh b/scripts/tks-create-shared.sh deleted file mode 100755 index 0ad9748..0000000 --- a/scripts/tks-create-shared.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -INSTANCE_DIR=/var/lib/pki/tks-master -grep "internal=" $INSTANCE_DIR/conf/password.conf | sed "s/internal=//" > $INSTANCE_DIR/conf/internal.txt -tkstool -T -d $INSTANCE_DIR/alias -n sharedSecret -f $INSTANCE_DIR/conf/internal.txt diff --git a/scripts/tks-remove.sh b/scripts/tks-remove.sh index 8980613..f23f578 100755 --- a/scripts/tks-remove.sh +++ b/scripts/tks-remove.sh @@ -1,6 +1,7 @@ #!/bin/sh -x SRC_DIR=`cd ../.. ; pwd` -INSTANCE_NAME=tks-master +INSTANCE_NAME=pki-tomcat +#INSTANCE_NAME=tks-master pkidestroy -v -s TKS -i $INSTANCE_NAME diff --git a/scripts/tks-start.sh b/scripts/tks-start.sh index e1405a5..5ecd4fb 100755 --- a/scripts/tks-start.sh +++ b/scripts/tks-start.sh @@ -1,5 +1,6 @@ #!/bin/sh -x -INSTANCE_NAME=tks-master +#INSTANCE_NAME=tks-master +INSTANCE_NAME=pki-tomcat systemctl start pki-tomcatd@$INSTANCE_NAME.service diff --git a/scripts/tomcat-debug.sh b/scripts/tomcat-debug.sh index 187a2c0..b015ac8 100755 --- a/scripts/tomcat-debug.sh +++ b/scripts/tomcat-debug.sh @@ -1,8 +1,11 @@ #!/bin/sh -x INSTANCE_NAME=pki-tomcat -FILE=/etc/sysconfig/$INSTANCE_NAME +FILE=/etc/sysconfig/pki-tomcat # semanage port -a -t http_port_t -p tcp 8000 -sed 's/^#\(JAVA_OPTS="-Xdebug.*\)$/\1/' < $FILE > $FILE.tmp +#sed 's/^#\(JAVA_OPTS="-Xdebug.*\)$/\1/' < $FILE > $FILE.tmp + +sed 's/^\(JAVA_OPTS=".*\)"$/\1 -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n -Djava.awt.headless=true -Xmx128M"/' < $FILE > $FILE.tmp + mv $FILE.tmp $FILE diff --git a/scripts/tps-create.sh b/scripts/tps-create.sh index 24e444c..caa6554 100755 --- a/scripts/tps-create.sh +++ b/scripts/tps-create.sh @@ -1,15 +1,3 @@ #!/bin/sh -x -. ./tps-include.sh - -pkicreate -pki_instance_root=$INSTANCE_ROOT \ - -pki_instance_name=$TPS_INSTANCE_NAME \ - -subsystem_type=$TPS_SUBSYSTEM_TYPE \ - -secure_port=$TPS_SECURE_PORT \ - -non_clientauth_secure_port=$TPS_NON_CLIENTAUTH_SECURE_PORT \ - -unsecure_port=$TPS_UNSECURE_PORT \ - -user=$INSTANCE_USER \ - -group=$INSTANCE_GROUP \ - -redirect conf=/etc/$TPS_INSTANCE_NAME \ - -redirect logs=/var/log/$TPS_INSTANCE_NAME \ - -verbose +pkispawn -f tps.cfg -s TPS -vvv 2>&1 | tee build/tps-create.log diff --git a/scripts/tps-remove.sh b/scripts/tps-remove.sh index 8d6848d..67c3892 100755 --- a/scripts/tps-remove.sh +++ b/scripts/tps-remove.sh @@ -1,8 +1,5 @@ #!/bin/sh -x -. ./tps-include.sh - -pkiremove -pki_instance_root=$INSTANCE_ROOT \ - -pki_instance_name=$TPS_INSTANCE_NAME \ - -force \ - -verbose +pkidestroy -v -s TPS -i pki-tomcat +#pkidestroy -v -s TPS -i ca-master +#pkidestroy -v -s TPS -i tps-master diff --git a/scripts/tps.cfg b/scripts/tps.cfg index 319f342..c1ccf70 100644 --- a/scripts/tps.cfg +++ b/scripts/tps.cfg @@ -19,4 +19,4 @@ pki_security_domain_password=Secret123 pki_token_password=Secret123 pki_authdb_basedn=dc=ca,dc=example,dc=com pki_authdb_port=389 -pki_enable_server_side_keygen=False +pki_enable_server_side_keygen=True |