pki.git/base/deploy/src/scriptlets/pkiconfig.py, branch ticket-309 Unnamed repository; edit this file 'description' to name the repository. Added pki_tomcat_cert_t type and interface to access it 2012-10-10T04:34:12+00:00 Ade Lee alee@redhat.com 2012-10-10T04:16:57+00:00 c494bd03f8f4f82a4c06457dfc301a606b89e2dc Added permissions to certmonger to access the certdb. Also added some missing selinux permissions for pki_tomcat_t 
Added permissions to certmonger to access the certdb.  Also added
some missing selinux permissions for pki_tomcat_t
selinux policy changes to use standard ports 2012-07-31T20:36:04+00:00 Ade Lee alee@redhat.com 2012-07-31T04:45:47+00:00 cff349cd4d2175eb920f9cab4998b4c3bfd0550a Selinux policy has been changed to use standard tomcat ports. Corresponding changes have been made in the pki-deploy scripts. Minor change in config script for password check. 
Selinux policy has been changed to use standard tomcat ports. Corresponding
changes have been made in the pki-deploy scripts.

Minor change in config script for password check.
PKI Deployment Scriptlets 2012-07-31T03:51:19+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-29T01:59:30+00:00 f589cc1e267d6d7b67a6463b4495b7a9c982669f * TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not" removing "/etc/sysconfig/{pki_instance_id}" . . . * TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for configuration . . . * TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and 'pkidestroy' . . . * TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of configured PKI instance . . . * TRAC Ticket #270 - Dogtag 10: Add missing parameters to 'pkideployment.cfg' . . . * TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client information . . . * TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7 "logging.properties" * TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive' dictionary * TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and 'pkideployment.cfg' files * TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet Issues . . . 
* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
  removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
  configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
  'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
  configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
  'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
  information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
  "logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
  dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
  'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
  Issues . . .
PKI Deployment Scriptlets 2012-07-25T21:19:38+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-24T18:28:29+00:00 14243746edd14be2564b625c4a940c4723c168f1 * PKI TRAC Ticket #244 - Non-user-friendly message when deleting non-existent subsystem with pkidestroy * PKI TRAC Ticket #246 - Incorrect parameter names in pkispawn configuration * PKI TRAC Ticket #248 - pki_ds_database should not be a DN * PKI TRAC Ticket #249 - pki_ds_base_dn causing pkispawn failure * PKI TRAC Ticket #250 - Creating/removing custom instances should not require http/ajp ports * PKI TRAC Ticket #251 - Instance name may conflict with other files * PKI TRAC Ticket #253 - Fix pki-destroy removal of '/var/log/pki/{pki_instance_id}' directory . . . * PKI TRAC Ticket #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . . * PKI TRAC Ticket #255 - Missing resteasy-atom-provider.jar * PKI TRAC Ticket #260 - Dogtag 10: Change the layout of 'pki_instance_id' . . . 
* PKI TRAC Ticket #244 - Non-user-friendly message when deleting non-existent
  subsystem with pkidestroy
* PKI TRAC Ticket #246 - Incorrect parameter names in pkispawn configuration
* PKI TRAC Ticket #248 - pki_ds_database should not be a DN
* PKI TRAC Ticket #249 - pki_ds_base_dn causing pkispawn failure
* PKI TRAC Ticket #250 - Creating/removing custom instances should not require
  http/ajp ports
* PKI TRAC Ticket #251 - Instance name may conflict with other files
* PKI TRAC Ticket #253 - Fix pki-destroy removal of
  '/var/log/pki/{pki_instance_id}' directory . . .
* PKI TRAC Ticket #254 - Dogtag 10: Fix spec file to build successfully via mock
  on Fedora 17 . . .
* PKI TRAC Ticket #255 - Missing resteasy-atom-provider.jar
* PKI TRAC Ticket #260 - Dogtag 10: Change the layout of 'pki_instance_id' . . .
Selinux policy for new configuration. 2012-07-25T05:48:48+00:00 Ade Lee alee@redhat.com 2012-07-10T15:50:59+00:00 5fd74e0e0c9407306e99ef4fd2e776cb911ee94a Added tomcat_t for java processes. Added aliases for old types to allow compatibility of existng subsystems. Added install scripts for pkispawn and pkidestroy 
Added tomcat_t for java processes.  Added aliases for old types to allow
compatibility of existng subsystems.  Added install scripts for pkispawn
and pkidestroy
PKI Deployment Scriptlets 2012-07-19T17:17:18+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-19T08:04:54+00:00 5b004df074027d1eba33c2f9038030406830cc3c * In 'catalina.properties', removed commented out jars for each of the subsystems in the 'common.loader' * In 'server.xml', removed the line containing a '1' * Moved all parameters from the [Mandatory] and [Optional] sections of the 'pkideployment.cfg' file to other more appropriate sections (e.g. - [Common], [CA], [KRA], etc.), and removed these sections and all of their associated logic from the 'pki-deploy' package * Resolved Dogtag TRAC Ticket #225 Dogtag 10: Move "pkispawn"/"pkidestroy" logs * Removed all security domain references from external CA logic * Added new 'pki_subsystem_name' parameter to 'pkideployment.cfg' file, and applied logic throughout 'pki-deploy' * Added new error message in the case of an unset DNS domain name, and replaced the log message with a simple print in the case of a 'domainname' exception 
* In 'catalina.properties', removed commented out jars
  for each of the subsystems in the 'common.loader'
* In 'server.xml', removed the line containing a '1'
* Moved all parameters from the [Mandatory] and [Optional]
  sections of the 'pkideployment.cfg' file to other more
  appropriate sections (e.g. - [Common], [CA], [KRA], etc.),
  and removed these sections and all of their associated
  logic from the 'pki-deploy' package
* Resolved Dogtag TRAC Ticket #225
  Dogtag 10: Move "pkispawn"/"pkidestroy" logs
* Removed all security domain references from
  external CA logic
* Added new 'pki_subsystem_name' parameter to
  'pkideployment.cfg' file, and applied logic
  throughout 'pki-deploy'
* Added new error message in the case of an
  unset DNS domain name, and replaced the
  log message with a simple print in the
  case of a 'domainname' exception
PKI Deployment Scriptlets 2012-07-19T17:16:42+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-19T00:48:11+00:00 3fcefc1b67e7afe0455267b3876d9e6ef47531cc Saved Admin Certificate, imported it into NSS client security databases, and exported it to a PKCS #12 file such that it may be imported into a browser. TRAC Ticket #221 Dogtag 10: Create a PKCS #12 file containing the Admin Certificate (https://fedorahosted.org/pki/ticket/221) 
Saved Admin Certificate, imported it into NSS client security databases, and
exported it to a PKCS #12 file such that it may be imported into a browser.

TRAC Ticket #221
Dogtag 10: Create a PKCS #12 file containing the Admin Certificate
(https://fedorahosted.org/pki/ticket/221)
PKI Deployment Scriptlets 2012-07-19T17:15:56+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-04T00:52:33+00:00 0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 * Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse) 
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
  support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
  parameter
* Introduction of default configuration of 'log4j'
  mechanism (alee)
* Modify web.xml to use new Application classes to
  bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
  Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
  a remote java debugger (e. g. - eclipse)
PKI Deployment Scriptlets 2012-05-25T21:59:48+00:00 Matthew Harmsen mharmsen@redhat.com 2012-05-24T01:59:06+00:00 4a263b8db27208413acd0f038ea67629d5ee27bb * Integration of Tomcat 7 * Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy * Removal of 'pki_flavor' attribute 
* Integration of Tomcat 7
* Addition of centralized 'pki-tomcatd' systemd functionality to the
  PKI Deployment strategy
* Removal of 'pki_flavor' attribute
PKI Deployment Scriptlets 2012-05-18T18:06:37+00:00 Matthew Harmsen mharmsen@redhat.com 2012-05-18T17:52:06+00:00 924403a14e92112c3c3d696319759b65eb57a30c * Introduced concept of "admin-domain" originally as a separate folder, and later incorporated this concept into an optional instance prefix * Revised definition of <pki_instance_id> to be identified as "[<pki_admin_domain_name>-]<pki_instance_name> * Changed NSS security database model from one shared database by BOTH a single Tomcat AND single Apache instance into one per Tomcat instance (shared by CA/KRA/OCSP/TKS) and one per Apache instance (shared by RA/TPS) * Altered Configuration 'scriptlet' to invoke Jython for access to new Java configuration servlet * Renamed various "scriptlets" to comply with this new layout * Re-aligned code to account for revised layout documented at http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment 
* Introduced concept of "admin-domain" originally as a
  separate folder, and later incorporated this concept
  into an optional instance prefix
* Revised definition of <pki_instance_id> to be identified
  as "[<pki_admin_domain_name>-]<pki_instance_name>
* Changed NSS security database model from one shared
  database by BOTH a single Tomcat AND single Apache instance
  into one per Tomcat instance (shared by CA/KRA/OCSP/TKS) and
  one per Apache instance (shared by RA/TPS)
* Altered Configuration 'scriptlet' to invoke Jython for
  access to new Java configuration servlet
* Renamed various "scriptlets" to comply with this new layout
* Re-aligned code to account for revised layout documented at
  http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment