diff options
| author | Christina Fu <cfu@redhat.com> | 2012-08-15 13:32:14 -0700 |
|---|---|---|
| committer | Christina Fu <cfu@redhat.com> | 2012-08-15 13:32:14 -0700 |
| commit | 7a5b5b06052a3432e1aec0aec8906cd5941f6fd9 (patch) | |
| tree | 052bc470521dc24b5aa0b3552e594dbe11a4d660 | |
| parent | 3b1ca60d799ca02305b8a2c61eb279f74787cff0 (diff) | |
| parent | 7a6b89591732f872db38821c00ec3ce89ef57e7a (diff) | |
| download | pki-7a5b5b06052a3432e1aec0aec8906cd5941f6fd9.tar.gz pki-7a5b5b06052a3432e1aec0aec8906cd5941f6fd9.tar.xz pki-7a5b5b06052a3432e1aec0aec8906cd5941f6fd9.zip | |
Merge branch 'master' of git://git.fedorahosted.org/git/pki
| -rw-r--r-- | base/ra/CMakeLists.txt | 18 | ||||
| -rw-r--r-- | base/ra/apache/conf/httpd.conf | 22 | ||||
| -rw-r--r-- | base/ra/apache/conf/perl.conf | 6 | ||||
| -rw-r--r-- | base/ra/lib/systemd/system/pki-rad.target | 6 | ||||
| -rw-r--r-- | base/ra/lib/systemd/system/pki-rad@.service | 12 | ||||
| -rw-r--r-- | base/ra/setup/pkidaemon_registry | 2 | ||||
| -rw-r--r-- | base/ra/setup/registry_instance | 2 | ||||
| -rw-r--r-- | base/selinux/src/pki.if | 2 | ||||
| -rwxr-xr-x | base/setup/pkicreate | 21 | ||||
| -rwxr-xr-x | base/setup/scripts/pki_apache_initscript | 9 | ||||
| -rw-r--r-- | base/tps/CMakeLists.txt | 18 | ||||
| -rw-r--r-- | base/tps/apache/conf/httpd.conf | 35 | ||||
| -rw-r--r-- | base/tps/apache/conf/perl.conf | 6 | ||||
| -rw-r--r-- | base/tps/lib/systemd/system/pki-tpsd.target | 6 | ||||
| -rw-r--r-- | base/tps/lib/systemd/system/pki-tpsd@.service | 12 | ||||
| -rw-r--r-- | base/tps/setup/pkidaemon_registry | 2 | ||||
| -rw-r--r-- | base/tps/setup/registry_instance | 2 | ||||
| -rw-r--r-- | specs/pki-ra.spec | 76 | ||||
| -rw-r--r-- | specs/pki-tps.spec | 77 |
19 files changed, 254 insertions, 80 deletions
diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt index 59910fe95..79152e291 100644 --- a/base/ra/CMakeLists.txt +++ b/base/ra/CMakeLists.txt @@ -3,6 +3,19 @@ project(ra) add_subdirectory(doc) add_subdirectory(setup) +# install systemd scripts +install( + FILES + lib/systemd/system/pki-rad.target + lib/systemd/system/pki-rad@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -74,3 +87,8 @@ install( ${VAR_INSTALL_DIR}/run/pki/ra ) +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants +) diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf index f89e43b33..180c08de0 100644 --- a/base/ra/apache/conf/httpd.conf +++ b/base/ra/apache/conf/httpd.conf @@ -232,8 +232,13 @@ Listen [PORT] # LoadModule foo_module modules/mod_foo.so # -# Required modules for command 'Order': +# MPM worker module is a loadable module as of 2.4 +LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so + +LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so [FORTITUDE_AUTH_MODULES] +# Module for User and Group +LoadModule unixd_module /etc/httpd/modules/mod_unixd.so # Required module for command 'UserDir': LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so # Required module for command 'DirectoryIndex': @@ -394,8 +399,7 @@ DocumentRoot "[SERVER_ROOT]/docroot" # # Controls who can get stuff from this server. # - Order allow,deny - Allow from all + Require all granted </Directory> @@ -444,8 +448,7 @@ AccessFileName .htaccess # viewed by Web clients. # <Files ~ "^\.ht"> - Order allow,deny - Deny from all + Require all denied </Files> # @@ -592,8 +595,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/" <Directory "[SERVER_ROOT]/icons"> Options Indexes MultiViews AllowOverride None - Order allow,deny - Allow from all + Require all granted </Directory> # @@ -606,8 +608,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1 <Directory "[SERVER_ROOT]/manual"> Options Indexes AllowOverride None - Order allow,deny - Allow from all + Require all granted <Files *.html> SetHandler type-map @@ -642,8 +643,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/" <Directory "[SERVER_ROOT]/cgi-bin"> AllowOverride None Options ExecCGI - Order allow,deny - Allow from all + Require all granted </Directory> # diff --git a/base/ra/apache/conf/perl.conf b/base/ra/apache/conf/perl.conf index 50139cdab..02a503f74 100644 --- a/base/ra/apache/conf/perl.conf +++ b/base/ra/apache/conf/perl.conf @@ -58,15 +58,13 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT] <Location /ra/admin/console/config/wizard> SetHandler perl-script PerlHandler PKI::RA::Wizard - Order deny,allow - Allow from all + Require all granted </Location> <Location /ra/admin/console/config/login> SetHandler perl-script PerlHandler PKI::RA::Login - Order deny,allow - Allow from all + Require all granted </Location> PerlModule ModPerl::PerlRun diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target new file mode 100644 index 000000000..e1a4f808e --- /dev/null +++ b/base/ra/lib/systemd/system/pki-rad.target @@ -0,0 +1,6 @@ +[Unit] +Description=PKI Registration Authority Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service new file mode 100644 index 000000000..5432c62b2 --- /dev/null +++ b/base/ra/lib/systemd/system/pki-rad@.service @@ -0,0 +1,12 @@ +[Unit] +Description=PKI Registration Authority Server %i +After=pki-rad.target +BindTo=pki-rad.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start ra %i +ExecStop=/usr/bin/pkicontrol stop ra %i + +[Install] +WantedBy=multi-user.target diff --git a/base/ra/setup/pkidaemon_registry b/base/ra/setup/pkidaemon_registry index 8d23dda05..2e81158ef 100644 --- a/base/ra/setup/pkidaemon_registry +++ b/base/ra/setup/pkidaemon_registry @@ -62,7 +62,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # diff --git a/base/ra/setup/registry_instance b/base/ra/setup/registry_instance index f8cae5a43..5be7a4de0 100644 --- a/base/ra/setup/registry_instance +++ b/base/ra/setup/registry_instance @@ -59,7 +59,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if index b456ac995..4272bd0c5 100644 --- a/base/selinux/src/pki.if +++ b/base/selinux/src/pki.if @@ -168,7 +168,7 @@ template(`pki_tomcat_template',` miscfiles_read_localization($1_t) miscfiles_read_hwdata($1_t) - miscfiles_manage_cert_dirs($1_t) + miscfiles_manage_generic_cert_dirs($1_t) miscfiles_manage_generic_cert_files($1_t) logging_send_syslog_msg($1_t) diff --git a/base/setup/pkicreate b/base/setup/pkicreate index cc4ee703f..e3ee5a0ab 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -2870,6 +2870,17 @@ sub process_pki_files_and_symlinks "${db_password}\n", $default_file_permissions, $pki_user, $pki_group); + ## Populate systemd links + if ($use_systemd) { + return 0 if !create_symlink( + "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", + "$pki_subsystem_systemd_service_path", + $root_user, $root_group); + + # reload systemd configuration + run_command("/bin/systemctl --system daemon-reload"); + } + ## Populate instances (RA, TPS instances) if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { # create an empty file called "pwcache.conf" for this @@ -2893,16 +2904,6 @@ sub process_pki_files_and_symlinks # to find our tomcat6 configuration file in /etc/sysconfig return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path, $root_user, $root_group); - if ($use_systemd) { - return 0 if !create_symlink( - "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", - "$pki_subsystem_systemd_service_path", - $root_user, $root_group); - - # reload systemd configuration - run_command("/bin/systemctl --system daemon-reload"); - - } return 0 if !create_directory($webinf_lib_instance_path, $default_dir_permissions, $pki_user, $pki_group); diff --git a/base/setup/scripts/pki_apache_initscript b/base/setup/scripts/pki_apache_initscript index e51231065..c50c812a4 100755 --- a/base/setup/scripts/pki_apache_initscript +++ b/base/setup/scripts/pki_apache_initscript @@ -62,11 +62,6 @@ start() fi fi - touch ${pidfile} - chown ${PKI_USER}:${PKI_GROUP} ${pidfile} - chmod 00600 ${pidfile} - [ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile} - # restore context for ncipher hsm [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast @@ -74,13 +69,13 @@ start() rv=$? if [ ${rv} = 0 ] ; then if [ ${ARCHITECTURE} = "i386" ] ; then - LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS} rv=$? # overwrite output from "daemon" echo -n $"Starting ${prog}: " elif [ ${ARCHITECTURE} = "x86_64" ] ; then # NOTE: "daemon" is incompatible with "httpd" on 64-bit architectures - LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS} rv=$? fi else diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt index 96d23fefa..10c4d8efd 100644 --- a/base/tps/CMakeLists.txt +++ b/base/tps/CMakeLists.txt @@ -43,6 +43,19 @@ add_subdirectory(tools) add_subdirectory(doc) add_subdirectory(setup) +# install systemd scripts +install( + FILES + lib/systemd/system/pki-tpsd.target + lib/systemd/system/pki-tpsd@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -206,3 +219,8 @@ install( ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot/tps/admin/console/js ) +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants +) diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf index 372066afc..a9410849c 100644 --- a/base/tps/apache/conf/httpd.conf +++ b/base/tps/apache/conf/httpd.conf @@ -78,7 +78,7 @@ ServerRoot "[SERVER_ROOT]" # identification number when it starts. # <IfModule !mpm_netware.c> -PidFile run/[PKI_INSTANCE_ID].pid +PidFile /var/run/pki/tps/[PKI_INSTANCE_ID].pid </IfModule> # @@ -232,8 +232,13 @@ Listen [PORT] # LoadModule foo_module modules/mod_foo.so # -# Required modules for command 'Order': +# MPM worker module is a loadable module as of 2.4 +LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so + +LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so [FORTITUDE_AUTH_MODULES] +# Module for User and Group +LoadModule unixd_module /etc/httpd/modules/mod_unixd.so # Required module for command 'UserDir': LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so # Required module for command 'DirectoryIndex': @@ -398,8 +403,7 @@ DocumentRoot "[SERVER_ROOT]/docroot" # # Controls who can get stuff from this server. # - Order allow,deny - Allow from all + Require all granted </Directory> @@ -448,8 +452,7 @@ AccessFileName .htaccess # viewed by Web clients. # <Files ~ "^\.ht"> - Order allow,deny - Deny from all + Require all denied </Files> # @@ -459,17 +462,6 @@ AccessFileName .htaccess TypesConfig conf/mime.types # -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# # The mod_mime_magic module allows the server to use various hints from the # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. @@ -596,8 +588,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/" <Directory "[SERVER_ROOT]/icons"> Options Indexes MultiViews AllowOverride None - Order allow,deny - Allow from all + Require all granted </Directory> # @@ -610,8 +601,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1 <Directory "[SERVER_ROOT]/manual"> Options Indexes AllowOverride None - Order allow,deny - Allow from all + Require all granted <Files *.html> SetHandler type-map @@ -646,8 +636,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/" <Directory "[SERVER_ROOT]/cgi-bin"> AllowOverride None Options ExecCGI - Order allow,deny - Allow from all + Require all granted </Directory> # diff --git a/base/tps/apache/conf/perl.conf b/base/tps/apache/conf/perl.conf index feb51e860..a1a98c6a0 100644 --- a/base/tps/apache/conf/perl.conf +++ b/base/tps/apache/conf/perl.conf @@ -58,13 +58,11 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT] <Location /tps/admin/console/config/wizard> SetHandler perl-script PerlHandler PKI::TPS::Wizard - Order deny,allow - Allow from all + Require all granted </Location> <Location /tps/admin/console/config/login> SetHandler perl-script PerlHandler PKI::TPS::Login - Order deny,allow - Allow from all + Require all granted </Location> diff --git a/base/tps/lib/systemd/system/pki-tpsd.target b/base/tps/lib/systemd/system/pki-tpsd.target new file mode 100644 index 000000000..37c693b08 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd.target @@ -0,0 +1,6 @@ +[Unit] +Description=PKI Token Processing Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/base/tps/lib/systemd/system/pki-tpsd@.service b/base/tps/lib/systemd/system/pki-tpsd@.service new file mode 100644 index 000000000..6a0d6a343 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd@.service @@ -0,0 +1,12 @@ +[Unit] +Description=PKI Token Processing Server %i +After=pki-tpsd.target +BindTo=pki-tpsd.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start tps %i +ExecStop=/usr/bin/pkicontrol stop tps %i + +[Install] +WantedBy=multi-user.target diff --git a/base/tps/setup/pkidaemon_registry b/base/tps/setup/pkidaemon_registry index 6c13a4955..b74c84317 100644 --- a/base/tps/setup/pkidaemon_registry +++ b/base/tps/setup/pkidaemon_registry @@ -62,7 +62,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # diff --git a/base/tps/setup/registry_instance b/base/tps/setup/registry_instance index a77b75f4f..cb907eb61 100644 --- a/base/tps/setup/registry_instance +++ b/base/tps/setup/registry_instance @@ -59,7 +59,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # diff --git a/specs/pki-ra.spec b/specs/pki-ra.spec index 035cb6204..b52a4f4e4 100644 --- a/specs/pki-ra.spec +++ b/specs/pki-ra.spec @@ -7,7 +7,7 @@ Name: pki-ra Version: 10.0.0 -Release: %{?relprefix}1%{?prerel}%{?dist} +Release: %{?relprefix}2%{?prerel}%{?dist} Summary: Certificate System - Registration Authority URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -17,6 +17,11 @@ BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# specify '_unitdir' macro for platforms that don't use 'systemd' +%if 0%{?rhel} || 0%{?fedora} < 16 +%define _unitdir /lib/systemd/system +%endif + BuildRequires: cmake BuildRequires: nspr-devel BuildRequires: nss-devel @@ -31,16 +36,15 @@ Requires: pki-setup Requires: perl-DBD-SQLite Requires: sqlite Requires: /usr/sbin/sendmail +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%if 0%{?fedora} >= 15 -# Details: -# -# * https://fedoraproject.org/wiki/Features/var-run-tmpfs -# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft -# Requires: initscripts %endif @@ -109,7 +113,8 @@ chmod +x %{__perl_requires} %build %{__mkdir_p} build cd build -%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_RA:BOOL=ON .. +%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_RA:BOOL=ON .. \ + -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} %{__make} VERBOSE=1 %{?_smp_mflags} @@ -146,7 +151,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile echo "D /var/run/pki/ra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ra.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-rad +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-rad.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif +%if 0%{?rhel} || 0%{?fedora} < 16 %post # This adds the proper /etc/rc*.d links for the script /sbin/chkconfig --add pki-rad || : @@ -164,11 +176,55 @@ if [ "$1" -ge "1" ] ; then /sbin/service pki-rad condrestart >/dev/null 2>&1 || : fi +%else +%post +# Attempt to update ALL old "RA" instances to "systemd" +if [ -d /etc/sysconfig/pki/ra ]; then + for inst in `ls /etc/sysconfig/pki/ra`; do + if [ ! -e "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-rad@.service" \ + "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service" + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-rad@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi + done +fi +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-rad.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-rad.target > /dev/null 2>&1 || : +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-rad.target >/dev/null 2>&1 || : +fi +%endif + %files %defattr(-,root,root,-) %doc base/ra/LICENSE +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-rad.target.wants +%{_unitdir}/pki-rad@.service +%{_unitdir}/pki-rad.target +%else %{_initrddir}/pki-rad +%endif %dir %{_datadir}/pki/ra %{_datadir}/pki/ra/conf/ %{_datadir}/pki/ra/docroot/ @@ -188,6 +244,10 @@ fi %changelog +* Mon Aug 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.2.a1 +- Added systemd scripts +- Ported config files and init scripts to apache 2.4 + * Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1 - Updated package version number diff --git a/specs/pki-tps.spec b/specs/pki-tps.spec index f3bff7ae7..c75711d38 100644 --- a/specs/pki-tps.spec +++ b/specs/pki-tps.spec @@ -7,7 +7,7 @@ Name: pki-tps Version: 10.0.0 -Release: %{?relprefix}1%{?prerel}%{?dist} +Release: %{?relprefix}2%{?prerel}%{?dist} Summary: Certificate System - Token Processing System URL: http://pki.fedoraproject.org/ License: LGPLv2 @@ -15,6 +15,11 @@ Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# specify '_unitdir' macro for platforms that don't use 'systemd' +%if 0%{?rhel} || 0%{?fedora} < 16 +%define _unitdir /lib/systemd/system +%endif + BuildRequires: cmake BuildRequires: apr-devel BuildRequires: apr-util-devel @@ -37,16 +42,16 @@ Requires: pki-native-tools Requires: pki-selinux Requires: pki-setup Requires: pki-tps-theme >= 9.0.0 + +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%if 0%{?fedora} >= 15 -# Details: -# -# * https://fedoraproject.org/wiki/Features/var-run-tmpfs -# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft -# Requires: initscripts %endif @@ -131,7 +136,8 @@ chmod +x %{__perl_requires} %build %{__mkdir_p} build cd build -%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TPS:BOOL=ON .. +%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TPS:BOOL=ON .. \ + -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} %{__make} VERBOSE=1 %{?_smp_mflags} @@ -172,7 +178,15 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfil echo "D /var/run/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-tpsd +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tpsd.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif + +%if 0%{?rhel} || 0%{?fedora} < 16 %post /sbin/ldconfig # This adds the proper /etc/rc*.d links for the script @@ -191,11 +205,54 @@ if [ "$1" -ge "1" ] ; then /sbin/service pki-tpsd condrestart >/dev/null 2>&1 || : fi +%else +%post +# Attempt to update ALL old "TPS" instances to "systemd" +if [ -d /etc/sysconfig/pki/tps ]; then + for inst in `ls /etc/sysconfig/pki/tps`; do + if [ ! -e "/etc/systemd/system/pki-tpsd.target.wants/pki-tpsd@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-tpsd@.service" \ + "/etc/systemd/system/pki-tpsd.target.wants/pki-tpsd@${inst}.service" + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-tpsd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-tpsd@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-tpsd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi + done +fi +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-tpsd.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-tpsd.target > /dev/null 2>&1 || : +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-tpsd.target >/dev/null 2>&1 || : +fi +%endif %files %defattr(-,root,root,-) %doc base/tps/LICENSE +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-tpsd.target.wants +%{_unitdir}/pki-tpsd@.service +%{_unitdir}/pki-tpsd.target +%else %{_initrddir}/pki-tpsd +%endif %config(noreplace) %{_sysconfdir}/ld.so.conf.d/tps-%{_arch}.conf %{_bindir}/tpsclient %{_libdir}/httpd/modules/* @@ -222,6 +279,10 @@ fi %changelog +* Mon Aug 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.2.a1 +- Added systemd scripts +- Ported config files and init scripts to apache 2.4 + * Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1 - Updated package version number |