diff options
author | Ade Lee <alee@redhat.com> | 2012-08-13 14:01:02 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-08-15 15:38:45 -0400 |
commit | 7a6b89591732f872db38821c00ec3ce89ef57e7a (patch) | |
tree | 4580ce2c5583ba2ff96b77ebdaa02f3c1287c406 | |
parent | 87b5eaa5b1409bc362867e3849fe16c8f205afa9 (diff) | |
download | pki-7a6b89591732f872db38821c00ec3ce89ef57e7a.tar.gz pki-7a6b89591732f872db38821c00ec3ce89ef57e7a.tar.xz pki-7a6b89591732f872db38821c00ec3ce89ef57e7a.zip |
Changes to get TPS and RA running on dogtag 10
Added systemd scripts for RA and TPS. Modified init scripts
and configuration files to use correct directives for httpd 2.4.
TPS and RA subsystems are now installable using pkicreate
-rw-r--r-- | base/ra/CMakeLists.txt | 18 | ||||
-rw-r--r-- | base/ra/apache/conf/httpd.conf | 22 | ||||
-rw-r--r-- | base/ra/apache/conf/perl.conf | 6 | ||||
-rw-r--r-- | base/ra/lib/systemd/system/pki-rad.target | 6 | ||||
-rw-r--r-- | base/ra/lib/systemd/system/pki-rad@.service | 12 | ||||
-rw-r--r-- | base/ra/setup/pkidaemon_registry | 2 | ||||
-rw-r--r-- | base/ra/setup/registry_instance | 2 | ||||
-rw-r--r-- | base/selinux/src/pki.if | 2 | ||||
-rwxr-xr-x | base/setup/pkicreate | 21 | ||||
-rwxr-xr-x | base/setup/scripts/pki_apache_initscript | 9 | ||||
-rw-r--r-- | base/tps/CMakeLists.txt | 18 | ||||
-rw-r--r-- | base/tps/apache/conf/httpd.conf | 35 | ||||
-rw-r--r-- | base/tps/apache/conf/perl.conf | 6 | ||||
-rw-r--r-- | base/tps/lib/systemd/system/pki-tpsd.target | 6 | ||||
-rw-r--r-- | base/tps/lib/systemd/system/pki-tpsd@.service | 12 | ||||
-rw-r--r-- | base/tps/setup/pkidaemon_registry | 2 | ||||
-rw-r--r-- | base/tps/setup/registry_instance | 2 | ||||
-rw-r--r-- | specs/pki-ra.spec | 76 | ||||
-rw-r--r-- | specs/pki-tps.spec | 77 |
19 files changed, 254 insertions, 80 deletions
diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt index 59910fe95..79152e291 100644 --- a/base/ra/CMakeLists.txt +++ b/base/ra/CMakeLists.txt @@ -3,6 +3,19 @@ project(ra) add_subdirectory(doc) add_subdirectory(setup) +# install systemd scripts +install( + FILES + lib/systemd/system/pki-rad.target + lib/systemd/system/pki-rad@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -74,3 +87,8 @@ install( ${VAR_INSTALL_DIR}/run/pki/ra ) +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants +) diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf index f89e43b33..180c08de0 100644 --- a/base/ra/apache/conf/httpd.conf +++ b/base/ra/apache/conf/httpd.conf @@ -232,8 +232,13 @@ Listen [PORT] # LoadModule foo_module modules/mod_foo.so # -# Required modules for command 'Order': +# MPM worker module is a loadable module as of 2.4 +LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so + +LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so [FORTITUDE_AUTH_MODULES] +# Module for User and Group +LoadModule unixd_module /etc/httpd/modules/mod_unixd.so # Required module for command 'UserDir': LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so # Required module for command 'DirectoryIndex': @@ -394,8 +399,7 @@ DocumentRoot "[SERVER_ROOT]/docroot" # # Controls who can get stuff from this server. # - Order allow,deny - Allow from all + Require all granted </Directory> @@ -444,8 +448,7 @@ AccessFileName .htaccess # viewed by Web clients. # <Files ~ "^\.ht"> - Order allow,deny - Deny from all + Require all denied </Files> # @@ -592,8 +595,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/" <Directory "[SERVER_ROOT]/icons"> Options Indexes MultiViews AllowOverride None - Order allow,deny - Allow from all + Require all granted </Directory> # @@ -606,8 +608,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1 <Directory "[SERVER_ROOT]/manual"> Options Indexes AllowOverride None - Order allow,deny - Allow from all + Require all granted <Files *.html> SetHandler type-map @@ -642,8 +643,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/" <Directory "[SERVER_ROOT]/cgi-bin"> AllowOverride None Options ExecCGI - Order allow,deny - Allow from all + Require all granted </Directory> # diff --git a/base/ra/apache/conf/perl.conf b/base/ra/apache/conf/perl.conf index 50139cdab..02a503f74 100644 --- a/base/ra/apache/conf/perl.conf +++ b/base/ra/apache/conf/perl.conf @@ -58,15 +58,13 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT] <Location /ra/admin/console/config/wizard> SetHandler perl-script PerlHandler PKI::RA::Wizard - Order deny,allow - Allow from all + Require all granted </Location> <Location /ra/admin/console/config/login> SetHandler perl-script PerlHandler PKI::RA::Login - Order deny,allow - Allow from all + Require all granted </Location> PerlModule ModPerl::PerlRun diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target new file mode 100644 index 000000000..e1a4f808e --- /dev/null +++ b/base/ra/lib/systemd/system/pki-rad.target @@ -0,0 +1,6 @@ +[Unit] +Description=PKI Registration Authority Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service new file mode 100644 index 000000000..5432c62b2 --- /dev/null +++ b/base/ra/lib/systemd/system/pki-rad@.service @@ -0,0 +1,12 @@ +[Unit] +Description=PKI Registration Authority Server %i +After=pki-rad.target +BindTo=pki-rad.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start ra %i +ExecStop=/usr/bin/pkicontrol stop ra %i + +[Install] +WantedBy=multi-user.target diff --git a/base/ra/setup/pkidaemon_registry b/base/ra/setup/pkidaemon_registry index 8d23dda05..2e81158ef 100644 --- a/base/ra/setup/pkidaemon_registry +++ b/base/ra/setup/pkidaemon_registry @@ -62,7 +62,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # diff --git a/base/ra/setup/registry_instance b/base/ra/setup/registry_instance index f8cae5a43..5be7a4de0 100644 --- a/base/ra/setup/registry_instance +++ b/base/ra/setup/registry_instance @@ -59,7 +59,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if index b456ac995..4272bd0c5 100644 --- a/base/selinux/src/pki.if +++ b/base/selinux/src/pki.if @@ -168,7 +168,7 @@ template(`pki_tomcat_template',` miscfiles_read_localization($1_t) miscfiles_read_hwdata($1_t) - miscfiles_manage_cert_dirs($1_t) + miscfiles_manage_generic_cert_dirs($1_t) miscfiles_manage_generic_cert_files($1_t) logging_send_syslog_msg($1_t) diff --git a/base/setup/pkicreate b/base/setup/pkicreate index cc4ee703f..e3ee5a0ab 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -2870,6 +2870,17 @@ sub process_pki_files_and_symlinks "${db_password}\n", $default_file_permissions, $pki_user, $pki_group); + ## Populate systemd links + if ($use_systemd) { + return 0 if !create_symlink( + "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", + "$pki_subsystem_systemd_service_path", + $root_user, $root_group); + + # reload systemd configuration + run_command("/bin/systemctl --system daemon-reload"); + } + ## Populate instances (RA, TPS instances) if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { # create an empty file called "pwcache.conf" for this @@ -2893,16 +2904,6 @@ sub process_pki_files_and_symlinks # to find our tomcat6 configuration file in /etc/sysconfig return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path, $root_user, $root_group); - if ($use_systemd) { - return 0 if !create_symlink( - "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", - "$pki_subsystem_systemd_service_path", - $root_user, $root_group); - - # reload systemd configuration - run_command("/bin/systemctl --system daemon-reload"); - - } return 0 if !create_directory($webinf_lib_instance_path, $default_dir_permissions, $pki_user, $pki_group); diff --git a/base/setup/scripts/pki_apache_initscript b/base/setup/scripts/pki_apache_initscript index e51231065..c50c812a4 100755 --- a/base/setup/scripts/pki_apache_initscript +++ b/base/setup/scripts/pki_apache_initscript @@ -62,11 +62,6 @@ start() fi fi - touch ${pidfile} - chown ${PKI_USER}:${PKI_GROUP} ${pidfile} - chmod 00600 ${pidfile} - [ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile} - # restore context for ncipher hsm [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast @@ -74,13 +69,13 @@ start() rv=$? if [ ${rv} = 0 ] ; then if [ ${ARCHITECTURE} = "i386" ] ; then - LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS} rv=$? # overwrite output from "daemon" echo -n $"Starting ${prog}: " elif [ ${ARCHITECTURE} = "x86_64" ] ; then # NOTE: "daemon" is incompatible with "httpd" on 64-bit architectures - LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS} rv=$? fi else diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt index 96d23fefa..10c4d8efd 100644 --- a/base/tps/CMakeLists.txt +++ b/base/tps/CMakeLists.txt @@ -43,6 +43,19 @@ add_subdirectory(tools) add_subdirectory(doc) add_subdirectory(setup) +# install systemd scripts +install( + FILES + lib/systemd/system/pki-tpsd.target + lib/systemd/system/pki-tpsd@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -206,3 +219,8 @@ install( ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot/tps/admin/console/js ) +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants +) diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf index 372066afc..a9410849c 100644 --- a/base/tps/apache/conf/httpd.conf +++ b/base/tps/apache/conf/httpd.conf @@ -78,7 +78,7 @@ ServerRoot "[SERVER_ROOT]" # identification number when it starts. # <IfModule !mpm_netware.c> -PidFile run/[PKI_INSTANCE_ID].pid +PidFile /var/run/pki/tps/[PKI_INSTANCE_ID].pid </IfModule> # @@ -232,8 +232,13 @@ Listen [PORT] # LoadModule foo_module modules/mod_foo.so # -# Required modules for command 'Order': +# MPM worker module is a loadable module as of 2.4 +LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so + +LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so [FORTITUDE_AUTH_MODULES] +# Module for User and Group +LoadModule unixd_module /etc/httpd/modules/mod_unixd.so # Required module for command 'UserDir': LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so # Required module for command 'DirectoryIndex': @@ -398,8 +403,7 @@ DocumentRoot "[SERVER_ROOT]/docroot" # # Controls who can get stuff from this server. # - Order allow,deny - Allow from all + Require all granted </Directory> @@ -448,8 +452,7 @@ AccessFileName .htaccess # viewed by Web clients. # <Files ~ "^\.ht"> - Order allow,deny - Deny from all + Require all denied </Files> # @@ -459,17 +462,6 @@ AccessFileName .htaccess TypesConfig conf/mime.types # -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# # The mod_mime_magic module allows the server to use various hints from the # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. @@ -596,8 +588,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/" <Directory "[SERVER_ROOT]/icons"> Options Indexes MultiViews AllowOverride None - Order allow,deny - Allow from all + Require all granted </Directory> # @@ -610,8 +601,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1 <Directory "[SERVER_ROOT]/manual"> Options Indexes AllowOverride None - Order allow,deny - Allow from all + Require all granted <Files *.html> SetHandler type-map @@ -646,8 +636,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/" <Directory "[SERVER_ROOT]/cgi-bin"> AllowOverride None Options ExecCGI - Order allow,deny - Allow from all + Require all granted </Directory> # diff --git a/base/tps/apache/conf/perl.conf b/base/tps/apache/conf/perl.conf index feb51e860..a1a98c6a0 100644 --- a/base/tps/apache/conf/perl.conf +++ b/base/tps/apache/conf/perl.conf @@ -58,13 +58,11 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT] <Location /tps/admin/console/config/wizard> SetHandler perl-script PerlHandler PKI::TPS::Wizard - Order deny,allow - Allow from all + Require all granted </Location> <Location /tps/admin/console/config/login> SetHandler perl-script PerlHandler PKI::TPS::Login - Order deny,allow - Allow from all + Require all granted </Location> diff --git a/base/tps/lib/systemd/system/pki-tpsd.target b/base/tps/lib/systemd/system/pki-tpsd.target new file mode 100644 index 000000000..37c693b08 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd.target @@ -0,0 +1,6 @@ +[Unit] +Description=PKI Token Processing Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target diff --git a/base/tps/lib/systemd/system/pki-tpsd@.service b/base/tps/lib/systemd/system/pki-tpsd@.service new file mode 100644 index 000000000..6a0d6a343 --- /dev/null +++ b/base/tps/lib/systemd/system/pki-tpsd@.service @@ -0,0 +1,12 @@ +[Unit] +Description=PKI Token Processing Server %i +After=pki-tpsd.target +BindTo=pki-tpsd.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start tps %i +ExecStop=/usr/bin/pkicontrol stop tps %i + +[Install] +WantedBy=multi-user.target diff --git a/base/tps/setup/pkidaemon_registry b/base/tps/setup/pkidaemon_registry index 6c13a4955..b74c84317 100644 --- a/base/tps/setup/pkidaemon_registry +++ b/base/tps/setup/pkidaemon_registry @@ -62,7 +62,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # diff --git a/base/tps/setup/registry_instance b/base/tps/setup/registry_instance index a77b75f4f..cb907eb61 100644 --- a/base/tps/setup/registry_instance +++ b/base/tps/setup/registry_instance @@ -59,7 +59,7 @@ export RESTART_SERVER # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker +PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd export PKI_HTTPD # diff --git a/specs/pki-ra.spec b/specs/pki-ra.spec index 035cb6204..b52a4f4e4 100644 --- a/specs/pki-ra.spec +++ b/specs/pki-ra.spec @@ -7,7 +7,7 @@ Name: pki-ra Version: 10.0.0 -Release: %{?relprefix}1%{?prerel}%{?dist} +Release: %{?relprefix}2%{?prerel}%{?dist} Summary: Certificate System - Registration Authority URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -17,6 +17,11 @@ BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# specify '_unitdir' macro for platforms that don't use 'systemd' +%if 0%{?rhel} || 0%{?fedora} < 16 +%define _unitdir /lib/systemd/system +%endif + BuildRequires: cmake BuildRequires: nspr-devel BuildRequires: nss-devel @@ -31,16 +36,15 @@ Requires: pki-setup Requires: perl-DBD-SQLite Requires: sqlite Requires: /usr/sbin/sendmail +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%if 0%{?fedora} >= 15 -# Details: -# -# * https://fedoraproject.org/wiki/Features/var-run-tmpfs -# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft -# Requires: initscripts %endif @@ -109,7 +113,8 @@ chmod +x %{__perl_requires} %build %{__mkdir_p} build cd build -%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_RA:BOOL=ON .. +%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_RA:BOOL=ON .. \ + -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} %{__make} VERBOSE=1 %{?_smp_mflags} @@ -146,7 +151,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile echo "D /var/run/pki/ra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ra.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-rad +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-rad.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif +%if 0%{?rhel} || 0%{?fedora} < 16 %post # This adds the proper /etc/rc*.d links for the script /sbin/chkconfig --add pki-rad || : @@ -164,11 +176,55 @@ if [ "$1" -ge "1" ] ; then /sbin/service pki-rad condrestart >/dev/null 2>&1 || : fi +%else +%post +# Attempt to update ALL old "RA" instances to "systemd" +if [ -d /etc/sysconfig/pki/ra ]; then + for inst in `ls /etc/sysconfig/pki/ra`; do + if [ ! -e "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-rad@.service" \ + "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service" + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-rad@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi + done +fi +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-rad.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-rad.target > /dev/null 2>&1 || : +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-rad.target >/dev/null 2>&1 || : +fi +%endif + %files %defattr(-,root,root,-) %doc base/ra/LICENSE +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-rad.target.wants +%{_unitdir}/pki-rad@.service +%{_unitdir}/pki-rad.target +%else %{_initrddir}/pki-rad +%endif %dir %{_datadir}/pki/ra %{_datadir}/pki/ra/conf/ %{_datadir}/pki/ra/docroot/ @@ -188,6 +244,10 @@ fi %changelog +* Mon Aug 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.2.a1 +- Added systemd scripts +- Ported config files and init scripts to apache 2.4 + * Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1 - Updated package version number diff --git a/specs/pki-tps.spec b/specs/pki-tps.spec index f3bff7ae7..c75711d38 100644 --- a/specs/pki-tps.spec +++ b/specs/pki-tps.spec @@ -7,7 +7,7 @@ Name: pki-tps Version: 10.0.0 -Release: %{?relprefix}1%{?prerel}%{?dist} +Release: %{?relprefix}2%{?prerel}%{?dist} Summary: Certificate System - Token Processing System URL: http://pki.fedoraproject.org/ License: LGPLv2 @@ -15,6 +15,11 @@ Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# specify '_unitdir' macro for platforms that don't use 'systemd' +%if 0%{?rhel} || 0%{?fedora} < 16 +%define _unitdir /lib/systemd/system +%endif + BuildRequires: cmake BuildRequires: apr-devel BuildRequires: apr-util-devel @@ -37,16 +42,16 @@ Requires: pki-native-tools Requires: pki-selinux Requires: pki-setup Requires: pki-tps-theme >= 9.0.0 + +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%if 0%{?fedora} >= 15 -# Details: -# -# * https://fedoraproject.org/wiki/Features/var-run-tmpfs -# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft -# Requires: initscripts %endif @@ -131,7 +136,8 @@ chmod +x %{__perl_requires} %build %{__mkdir_p} build cd build -%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TPS:BOOL=ON .. +%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TPS:BOOL=ON .. \ + -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} %{__make} VERBOSE=1 %{?_smp_mflags} @@ -172,7 +178,15 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfil echo "D /var/run/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-tpsd +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tpsd.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif + +%if 0%{?rhel} || 0%{?fedora} < 16 %post /sbin/ldconfig # This adds the proper /etc/rc*.d links for the script @@ -191,11 +205,54 @@ if [ "$1" -ge "1" ] ; then /sbin/service pki-tpsd condrestart >/dev/null 2>&1 || : fi +%else +%post +# Attempt to update ALL old "TPS" instances to "systemd" +if [ -d /etc/sysconfig/pki/tps ]; then + for inst in `ls /etc/sysconfig/pki/tps`; do + if [ ! -e "/etc/systemd/system/pki-tpsd.target.wants/pki-tpsd@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-tpsd@.service" \ + "/etc/systemd/system/pki-tpsd.target.wants/pki-tpsd@${inst}.service" + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-tpsd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-tpsd@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-tpsd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi + done +fi +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-tpsd.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-tpsd.target > /dev/null 2>&1 || : +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-tpsd.target >/dev/null 2>&1 || : +fi +%endif %files %defattr(-,root,root,-) %doc base/tps/LICENSE +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-tpsd.target.wants +%{_unitdir}/pki-tpsd@.service +%{_unitdir}/pki-tpsd.target +%else %{_initrddir}/pki-tpsd +%endif %config(noreplace) %{_sysconfdir}/ld.so.conf.d/tps-%{_arch}.conf %{_bindir}/tpsclient %{_libdir}/httpd/modules/* @@ -222,6 +279,10 @@ fi %changelog +* Mon Aug 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.2.a1 +- Added systemd scripts +- Ported config files and init scripts to apache 2.4 + * Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1 - Updated package version number |