Remove duplicate prompt on nuxwdog startup

8 files changed, 59 insertions, 51 deletions

diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 8353edee1..3d2dd5e43 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -816,7 +816,7 @@ internaldb.maxConns=15
 internaldb.minConns=3
 internaldb.ldapauth.authtype=BasicAuth
 internaldb.ldapauth.bindDN=cn=Directory Manager
-internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
+internaldb.ldapauth.bindPWPrompt=internaldb
 internaldb.ldapauth.clientCertNickname=
 internaldb.ldapconn.host=
 internaldb.ldapconn.port=
diff --git a/base/kra/shared/conf/CS.cfg.in b/base/kra/shared/conf/CS.cfg.in
index da7195530..7ecacf64d 100644
--- a/base/kra/shared/conf/CS.cfg.in
+++ b/base/kra/shared/conf/CS.cfg.in
@@ -224,7 +224,7 @@ internaldb.maxConns=15
 internaldb.minConns=3
 internaldb.ldapauth.authtype=BasicAuth
 internaldb.ldapauth.bindDN=cn=Directory Manager
-internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
+internaldb.ldapauth.bindPWPrompt=internaldb
 internaldb.ldapauth.clientCertNickname=
 internaldb.ldapconn.host=
 internaldb.ldapconn.port=
diff --git a/base/ocsp/shared/conf/CS.cfg.in b/base/ocsp/shared/conf/CS.cfg.in
index cfc9ec24b..9c878e89e 100644
--- a/base/ocsp/shared/conf/CS.cfg.in
+++ b/base/ocsp/shared/conf/CS.cfg.in
@@ -183,7 +183,7 @@ internaldb.maxConns=15
 internaldb.minConns=3
 internaldb.ldapauth.authtype=BasicAuth
 internaldb.ldapauth.bindDN=cn=Directory Manager
-internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
+internaldb.ldapauth.bindPWPrompt=internaldb
 internaldb.ldapauth.clientCertNickname=
 internaldb.ldapconn.host=
 internaldb.ldapconn.port=
diff --git a/base/server/upgrade/10.2.3/02-FixBindPWPrompt b/base/server/upgrade/10.2.3/02-FixBindPWPrompt
new file mode 100755
index 000000000..7b99afd6f
--- /dev/null
+++ b/base/server/upgrade/10.2.3/02-FixBindPWPrompt
@@ -0,0 +1,49 @@
+#!/usr/bin/python
+# Authors:
+#     Ade Lee <alee@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2015 Red Hat, Inc.
+# All rights reserved.
+#
+
+import fileinput
+import os
+import re
+import sys
+import pki.server.upgrade
+
+
+class FixBindPWPrompt(pki.server.upgrade.PKIServerUpgradeScriptlet):
+
+    def __init__(self):
+        self.message = 'Fix bindPWPrompt for internalDB'
+
+    def upgrade_subsystem(self, instance, subsystem):
+
+        cs_cfg = os.path.join(
+            instance.base_dir,
+            'conf',
+            subsystem.name,
+            'CS.cfg')
+
+        self.backup(cs_cfg)
+
+        for line in fileinput.input(cs_cfg, inplace=1):
+            line = re.sub(r"^internaldb.ldapauth.bindPWPrompt=.*",
+                          "internaldb.ldapauth.bindPWPrompt=internaldb",
+                          line)
+            sys.stdout.write(line)
+
diff --git a/base/tks/shared/conf/CS.cfg.in b/base/tks/shared/conf/CS.cfg.in
index 8579ef21b..f864e298a 100644
--- a/base/tks/shared/conf/CS.cfg.in
+++ b/base/tks/shared/conf/CS.cfg.in
@@ -175,7 +175,7 @@ internaldb.maxConns=15
 internaldb.minConns=3
 internaldb.ldapauth.authtype=BasicAuth
 internaldb.ldapauth.bindDN=cn=Directory Manager
-internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
+internaldb.ldapauth.bindPWPrompt=internaldb
 internaldb.ldapauth.clientCertNickname=
 internaldb.ldapconn.host=
 internaldb.ldapconn.port=
diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg.in
index e4733f815..4fa477dbc 100644
--- a/base/tps/shared/conf/CS.cfg.in
+++ b/base/tps/shared/conf/CS.cfg.in
@@ -164,7 +164,7 @@ internaldb._001=## Internal Database
 internaldb._002=##
 internaldb.ldapauth.authtype=BasicAuth
 internaldb.ldapauth.bindDN=cn=Directory Manager
-internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
+internaldb.ldapauth.bindPWPrompt=internaldb
 internaldb.ldapauth.clientCertNickname=
 internaldb.ldapconn.host=
 internaldb.ldapconn.port=
diff --git a/specs/dogtag-pki.spec b/specs/dogtag-pki.spec
index 03a59d855..c602fc7e0 100644
--- a/specs/dogtag-pki.spec
+++ b/specs/dogtag-pki.spec
@@ -16,35 +16,8 @@ ExcludeArch:      ppc ppc64 ppcle ppc64le s390 s390x
 %define dogtag_pki_theme_version   %{version}
 %define esc_version                1.1.0
 # NOTE:  The following package versions are TLS compliant:
-%define jss_version                4.2.6-35
 %define pki_core_version           %{version}
 %define pki_console_version        %{version}
-%if 0%{?rhel}
-%define tomcatjss_version          7.1.0-5
-%else
-%if 0%{?fedora} >= 23
-%define tomcatjss_version          7.1.2
-%else
-%define tomcatjss_version          7.1.1
-%endif
-%endif
-
-Requires:         apache-commons-codec
-%if  0%{?fedora} >= 21
-Requires:         selinux-policy-targeted >= 3.13.1-9
-%else
-# 0%{?rhel} || 0%{?fedora} < 21
-Requires:         selinux-policy-targeted >= 3.12.1-153
-%endif
-
-# Make certain that this 'meta' package requires the latest version(s)
-# of ALL top-level Dogtag PKI support packages
-Requires:         jss >= %{jss_version}
-Requires:         tomcatjss >= %{tomcatjss_version}
-
-# Make certain that this 'meta' package requires the latest version(s)
-# of ALL top-level Dogtag PKI support javadocs
-Requires:         jss-javadoc >= %{jss_version}
 
 # Make certain that this 'meta' package requires the latest version(s)
 # of ALL Dogtag PKI theme packages
@@ -122,6 +95,8 @@ rm -rf %{buildroot}
 %changelog
 * Thu Apr 23 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-1
 - Update release number for release build
+- Remove tomcatjss, jss and selinux requirements as these should
+  be handled by pki packages
 
 * Thu Apr  9 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-0.1
 - Reverted version number back to 10.2.3-0.1
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 30bd9093f..30b117986 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -53,7 +53,7 @@ BuildRequires:    apache-commons-lang
 BuildRequires:    jakarta-commons-httpclient
 BuildRequires:    nspr-devel
 BuildRequires:    nss-devel >= 3.14.3
-BuildRequires:    nuxwdog-client-java
+BuildRequires:    nuxwdog-client-java >= 1.0.2
 BuildRequires:    openldap-devel
 BuildRequires:    pkgconfig
 BuildRequires:    policycoreutils
@@ -101,15 +101,7 @@ BuildRequires:    junit
 BuildRequires:    jpackage-utils >= 0:1.7.5-10
 BuildRequires:    jss >= 4.2.6-35
 BuildRequires:    systemd-units
-%if 0%{?rhel}
-BuildRequires:    tomcatjss >= 7.1.0-5
-%else
-%if 0%{?fedora} >= 23
-BuildRequires:         tomcatjss >= 7.1.2
-%else
-BuildRequires:         tomcatjss >= 7.1.1
-%endif
-%endif
+BuildRequires:    tomcatjss >= 7.1.2
 
 # additional build requirements needed to build native 'tpsclient'
 # REMINDER:  Revisit these once 'tpsclient' is rewritten as a Java app
@@ -354,7 +346,7 @@ Obsoletes:        pki-silent < %{version}-%{release}
 
 Requires:         java-headless >= 1:1.7.0
 Requires:         net-tools
-Requires:         nuxwdog-client-java
+Requires:         nuxwdog-client-java >= 1.0.2
 Requires:         perl(File::Slurp)
 Requires:         policycoreutils
 Requires:         openldap-clients
@@ -390,15 +382,7 @@ Requires(post):   systemd-units
 Requires(preun):  systemd-units
 Requires(postun): systemd-units
 
-%if 0%{?rhel}
-Requires:         tomcatjss >= 7.1.0-5
-%else
-%if 0%{?fedora} >= 23
 Requires:         tomcatjss >= 7.1.2
-%else
-Requires:         tomcatjss >= 7.1.1
-%endif
-%endif
 
 %description -n   pki-server
 The PKI Server Framework is required by the following four PKI subsystems: