summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2012-08-13 14:01:02 -0400
committerAde Lee <alee@redhat.com>2012-08-15 15:38:45 -0400
commit7a6b89591732f872db38821c00ec3ce89ef57e7a (patch)
tree4580ce2c5583ba2ff96b77ebdaa02f3c1287c406
parent87b5eaa5b1409bc362867e3849fe16c8f205afa9 (diff)
downloadpki-7a6b89591732f872db38821c00ec3ce89ef57e7a.tar.gz
pki-7a6b89591732f872db38821c00ec3ce89ef57e7a.tar.xz
pki-7a6b89591732f872db38821c00ec3ce89ef57e7a.zip
Changes to get TPS and RA running on dogtag 10
Added systemd scripts for RA and TPS. Modified init scripts and configuration files to use correct directives for httpd 2.4. TPS and RA subsystems are now installable using pkicreate
-rw-r--r--base/ra/CMakeLists.txt18
-rw-r--r--base/ra/apache/conf/httpd.conf22
-rw-r--r--base/ra/apache/conf/perl.conf6
-rw-r--r--base/ra/lib/systemd/system/pki-rad.target6
-rw-r--r--base/ra/lib/systemd/system/pki-rad@.service12
-rw-r--r--base/ra/setup/pkidaemon_registry2
-rw-r--r--base/ra/setup/registry_instance2
-rw-r--r--base/selinux/src/pki.if2
-rwxr-xr-xbase/setup/pkicreate21
-rwxr-xr-xbase/setup/scripts/pki_apache_initscript9
-rw-r--r--base/tps/CMakeLists.txt18
-rw-r--r--base/tps/apache/conf/httpd.conf35
-rw-r--r--base/tps/apache/conf/perl.conf6
-rw-r--r--base/tps/lib/systemd/system/pki-tpsd.target6
-rw-r--r--base/tps/lib/systemd/system/pki-tpsd@.service12
-rw-r--r--base/tps/setup/pkidaemon_registry2
-rw-r--r--base/tps/setup/registry_instance2
-rw-r--r--specs/pki-ra.spec76
-rw-r--r--specs/pki-tps.spec77
19 files changed, 254 insertions, 80 deletions
diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt
index 59910fe95..79152e291 100644
--- a/base/ra/CMakeLists.txt
+++ b/base/ra/CMakeLists.txt
@@ -3,6 +3,19 @@ project(ra)
add_subdirectory(doc)
add_subdirectory(setup)
+# install systemd scripts
+install(
+ FILES
+ lib/systemd/system/pki-rad.target
+ lib/systemd/system/pki-rad@.service
+ DESTINATION
+ ${SYSTEMD_LIB_INSTALL_DIR}
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
# install init script
install(
FILES
@@ -74,3 +87,8 @@ install(
${VAR_INSTALL_DIR}/run/pki/ra
)
+install(
+ DIRECTORY
+ DESTINATION
+ ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants
+)
diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf
index f89e43b33..180c08de0 100644
--- a/base/ra/apache/conf/httpd.conf
+++ b/base/ra/apache/conf/httpd.conf
@@ -232,8 +232,13 @@ Listen [PORT]
# LoadModule foo_module modules/mod_foo.so
#
-# Required modules for command 'Order':
+# MPM worker module is a loadable module as of 2.4
+LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
+
+LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so
[FORTITUDE_AUTH_MODULES]
+# Module for User and Group
+LoadModule unixd_module /etc/httpd/modules/mod_unixd.so
# Required module for command 'UserDir':
LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so
# Required module for command 'DirectoryIndex':
@@ -394,8 +399,7 @@ DocumentRoot "[SERVER_ROOT]/docroot"
#
# Controls who can get stuff from this server.
#
- Order allow,deny
- Allow from all
+ Require all granted
</Directory>
@@ -444,8 +448,7 @@ AccessFileName .htaccess
# viewed by Web clients.
#
<Files ~ "^\.ht">
- Order allow,deny
- Deny from all
+ Require all denied
</Files>
#
@@ -592,8 +595,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/"
<Directory "[SERVER_ROOT]/icons">
Options Indexes MultiViews
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
</Directory>
#
@@ -606,8 +608,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1
<Directory "[SERVER_ROOT]/manual">
Options Indexes
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
<Files *.html>
SetHandler type-map
@@ -642,8 +643,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/"
<Directory "[SERVER_ROOT]/cgi-bin">
AllowOverride None
Options ExecCGI
- Order allow,deny
- Allow from all
+ Require all granted
</Directory>
#
diff --git a/base/ra/apache/conf/perl.conf b/base/ra/apache/conf/perl.conf
index 50139cdab..02a503f74 100644
--- a/base/ra/apache/conf/perl.conf
+++ b/base/ra/apache/conf/perl.conf
@@ -58,15 +58,13 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT]
<Location /ra/admin/console/config/wizard>
SetHandler perl-script
PerlHandler PKI::RA::Wizard
- Order deny,allow
- Allow from all
+ Require all granted
</Location>
<Location /ra/admin/console/config/login>
SetHandler perl-script
PerlHandler PKI::RA::Login
- Order deny,allow
- Allow from all
+ Require all granted
</Location>
PerlModule ModPerl::PerlRun
diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target
new file mode 100644
index 000000000..e1a4f808e
--- /dev/null
+++ b/base/ra/lib/systemd/system/pki-rad.target
@@ -0,0 +1,6 @@
+[Unit]
+Description=PKI Registration Authority Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service
new file mode 100644
index 000000000..5432c62b2
--- /dev/null
+++ b/base/ra/lib/systemd/system/pki-rad@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=PKI Registration Authority Server %i
+After=pki-rad.target
+BindTo=pki-rad.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start ra %i
+ExecStop=/usr/bin/pkicontrol stop ra %i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/ra/setup/pkidaemon_registry b/base/ra/setup/pkidaemon_registry
index 8d23dda05..2e81158ef 100644
--- a/base/ra/setup/pkidaemon_registry
+++ b/base/ra/setup/pkidaemon_registry
@@ -62,7 +62,7 @@ export RESTART_SERVER
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
export PKI_HTTPD
#
diff --git a/base/ra/setup/registry_instance b/base/ra/setup/registry_instance
index f8cae5a43..5be7a4de0 100644
--- a/base/ra/setup/registry_instance
+++ b/base/ra/setup/registry_instance
@@ -59,7 +59,7 @@ export RESTART_SERVER
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
export PKI_HTTPD
#
diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index b456ac995..4272bd0c5 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -168,7 +168,7 @@ template(`pki_tomcat_template',`
miscfiles_read_localization($1_t)
miscfiles_read_hwdata($1_t)
- miscfiles_manage_cert_dirs($1_t)
+ miscfiles_manage_generic_cert_dirs($1_t)
miscfiles_manage_generic_cert_files($1_t)
logging_send_syslog_msg($1_t)
diff --git a/base/setup/pkicreate b/base/setup/pkicreate
index cc4ee703f..e3ee5a0ab 100755
--- a/base/setup/pkicreate
+++ b/base/setup/pkicreate
@@ -2870,6 +2870,17 @@ sub process_pki_files_and_symlinks
"${db_password}\n",
$default_file_permissions, $pki_user, $pki_group);
+ ## Populate systemd links
+ if ($use_systemd) {
+ return 0 if !create_symlink(
+ "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}",
+ "$pki_subsystem_systemd_service_path",
+ $root_user, $root_group);
+
+ # reload systemd configuration
+ run_command("/bin/systemctl --system daemon-reload");
+ }
+
## Populate instances (RA, TPS instances)
if ($subsystem_type eq $RA || $subsystem_type eq $TPS) {
# create an empty file called "pwcache.conf" for this
@@ -2893,16 +2904,6 @@ sub process_pki_files_and_symlinks
# to find our tomcat6 configuration file in /etc/sysconfig
return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path,
$root_user, $root_group);
- if ($use_systemd) {
- return 0 if !create_symlink(
- "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}",
- "$pki_subsystem_systemd_service_path",
- $root_user, $root_group);
-
- # reload systemd configuration
- run_command("/bin/systemctl --system daemon-reload");
-
- }
return 0 if !create_directory($webinf_lib_instance_path,
$default_dir_permissions, $pki_user, $pki_group);
diff --git a/base/setup/scripts/pki_apache_initscript b/base/setup/scripts/pki_apache_initscript
index e51231065..c50c812a4 100755
--- a/base/setup/scripts/pki_apache_initscript
+++ b/base/setup/scripts/pki_apache_initscript
@@ -62,11 +62,6 @@ start()
fi
fi
- touch ${pidfile}
- chown ${PKI_USER}:${PKI_GROUP} ${pidfile}
- chmod 00600 ${pidfile}
- [ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile}
-
# restore context for ncipher hsm
[ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
@@ -74,13 +69,13 @@ start()
rv=$?
if [ ${rv} = 0 ] ; then
if [ ${ARCHITECTURE} = "i386" ] ; then
- LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
+ LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS}
rv=$?
# overwrite output from "daemon"
echo -n $"Starting ${prog}: "
elif [ ${ARCHITECTURE} = "x86_64" ] ; then
# NOTE: "daemon" is incompatible with "httpd" on 64-bit architectures
- LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
+ LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -r system_r -- ${httpd} ${PKI_OPTIONS}
rv=$?
fi
else
diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt
index 96d23fefa..10c4d8efd 100644
--- a/base/tps/CMakeLists.txt
+++ b/base/tps/CMakeLists.txt
@@ -43,6 +43,19 @@ add_subdirectory(tools)
add_subdirectory(doc)
add_subdirectory(setup)
+# install systemd scripts
+install(
+ FILES
+ lib/systemd/system/pki-tpsd.target
+ lib/systemd/system/pki-tpsd@.service
+ DESTINATION
+ ${SYSTEMD_LIB_INSTALL_DIR}
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
# install init script
install(
FILES
@@ -206,3 +219,8 @@ install(
${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot/tps/admin/console/js
)
+install(
+ DIRECTORY
+ DESTINATION
+ ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants
+)
diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf
index 372066afc..a9410849c 100644
--- a/base/tps/apache/conf/httpd.conf
+++ b/base/tps/apache/conf/httpd.conf
@@ -78,7 +78,7 @@ ServerRoot "[SERVER_ROOT]"
# identification number when it starts.
#
<IfModule !mpm_netware.c>
-PidFile run/[PKI_INSTANCE_ID].pid
+PidFile /var/run/pki/tps/[PKI_INSTANCE_ID].pid
</IfModule>
#
@@ -232,8 +232,13 @@ Listen [PORT]
# LoadModule foo_module modules/mod_foo.so
#
-# Required modules for command 'Order':
+# MPM worker module is a loadable module as of 2.4
+LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
+
+LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so
[FORTITUDE_AUTH_MODULES]
+# Module for User and Group
+LoadModule unixd_module /etc/httpd/modules/mod_unixd.so
# Required module for command 'UserDir':
LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so
# Required module for command 'DirectoryIndex':
@@ -398,8 +403,7 @@ DocumentRoot "[SERVER_ROOT]/docroot"
#
# Controls who can get stuff from this server.
#
- Order allow,deny
- Allow from all
+ Require all granted
</Directory>
@@ -448,8 +452,7 @@ AccessFileName .htaccess
# viewed by Web clients.
#
<Files ~ "^\.ht">
- Order allow,deny
- Deny from all
+ Require all denied
</Files>
#
@@ -459,17 +462,6 @@ AccessFileName .htaccess
TypesConfig conf/mime.types
#
-# DefaultType is the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-DefaultType text/plain
-
-#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
@@ -596,8 +588,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/"
<Directory "[SERVER_ROOT]/icons">
Options Indexes MultiViews
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
</Directory>
#
@@ -610,8 +601,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1
<Directory "[SERVER_ROOT]/manual">
Options Indexes
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
<Files *.html>
SetHandler type-map
@@ -646,8 +636,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/"
<Directory "[SERVER_ROOT]/cgi-bin">
AllowOverride None
Options ExecCGI
- Order allow,deny
- Allow from all
+ Require all granted
</Directory>
#
diff --git a/base/tps/apache/conf/perl.conf b/base/tps/apache/conf/perl.conf
index feb51e860..a1a98c6a0 100644
--- a/base/tps/apache/conf/perl.conf
+++ b/base/tps/apache/conf/perl.conf
@@ -58,13 +58,11 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT]
<Location /tps/admin/console/config/wizard>
SetHandler perl-script
PerlHandler PKI::TPS::Wizard
- Order deny,allow
- Allow from all
+ Require all granted
</Location>
<Location /tps/admin/console/config/login>
SetHandler perl-script
PerlHandler PKI::TPS::Login
- Order deny,allow
- Allow from all
+ Require all granted
</Location>
diff --git a/base/tps/lib/systemd/system/pki-tpsd.target b/base/tps/lib/systemd/system/pki-tpsd.target
new file mode 100644
index 000000000..37c693b08
--- /dev/null
+++ b/base/tps/lib/systemd/system/pki-tpsd.target
@@ -0,0 +1,6 @@
+[Unit]
+Description=PKI Token Processing Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/tps/lib/systemd/system/pki-tpsd@.service b/base/tps/lib/systemd/system/pki-tpsd@.service
new file mode 100644
index 000000000..6a0d6a343
--- /dev/null
+++ b/base/tps/lib/systemd/system/pki-tpsd@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=PKI Token Processing Server %i
+After=pki-tpsd.target
+BindTo=pki-tpsd.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start tps %i
+ExecStop=/usr/bin/pkicontrol stop tps %i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/tps/setup/pkidaemon_registry b/base/tps/setup/pkidaemon_registry
index 6c13a4955..b74c84317 100644
--- a/base/tps/setup/pkidaemon_registry
+++ b/base/tps/setup/pkidaemon_registry
@@ -62,7 +62,7 @@ export RESTART_SERVER
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
export PKI_HTTPD
#
diff --git a/base/tps/setup/registry_instance b/base/tps/setup/registry_instance
index a77b75f4f..cb907eb61 100644
--- a/base/tps/setup/registry_instance
+++ b/base/tps/setup/registry_instance
@@ -59,7 +59,7 @@ export RESTART_SERVER
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
export PKI_HTTPD
#
diff --git a/specs/pki-ra.spec b/specs/pki-ra.spec
index 035cb6204..b52a4f4e4 100644
--- a/specs/pki-ra.spec
+++ b/specs/pki-ra.spec
@@ -7,7 +7,7 @@
Name: pki-ra
Version: 10.0.0
-Release: %{?relprefix}1%{?prerel}%{?dist}
+Release: %{?relprefix}2%{?prerel}%{?dist}
Summary: Certificate System - Registration Authority
URL: http://pki.fedoraproject.org/
License: GPLv2
@@ -17,6 +17,11 @@ BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+# specify '_unitdir' macro for platforms that don't use 'systemd'
+%if 0%{?rhel} || 0%{?fedora} < 16
+%define _unitdir /lib/systemd/system
+%endif
+
BuildRequires: cmake
BuildRequires: nspr-devel
BuildRequires: nss-devel
@@ -31,16 +36,15 @@ Requires: pki-setup
Requires: perl-DBD-SQLite
Requires: sqlite
Requires: /usr/sbin/sendmail
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
-%if 0%{?fedora} >= 15
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
Requires: initscripts
%endif
@@ -109,7 +113,8 @@ chmod +x %{__perl_requires}
%build
%{__mkdir_p} build
cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_RA:BOOL=ON ..
+%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_RA:BOOL=ON .. \
+ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir}
%{__make} VERBOSE=1 %{?_smp_mflags}
@@ -146,7 +151,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile
echo "D /var/run/pki/ra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ra.conf
%endif
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-rad
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-rad.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
+%if 0%{?rhel} || 0%{?fedora} < 16
%post
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add pki-rad || :
@@ -164,11 +176,55 @@ if [ "$1" -ge "1" ] ; then
/sbin/service pki-rad condrestart >/dev/null 2>&1 || :
fi
+%else
+%post
+# Attempt to update ALL old "RA" instances to "systemd"
+if [ -d /etc/sysconfig/pki/ra ]; then
+ for inst in `ls /etc/sysconfig/pki/ra`; do
+ if [ ! -e "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-rad@.service" \
+ "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service"
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-rad@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ fi
+ done
+fi
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+%preun
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-rad.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-rad.target > /dev/null 2>&1 || :
+fi
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-rad.target >/dev/null 2>&1 || :
+fi
+%endif
+
%files
%defattr(-,root,root,-)
%doc base/ra/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-rad.target.wants
+%{_unitdir}/pki-rad@.service
+%{_unitdir}/pki-rad.target
+%else
%{_initrddir}/pki-rad
+%endif
%dir %{_datadir}/pki/ra
%{_datadir}/pki/ra/conf/
%{_datadir}/pki/ra/docroot/
@@ -188,6 +244,10 @@ fi
%changelog
+* Mon Aug 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.2.a1
+- Added systemd scripts
+- Ported config files and init scripts to apache 2.4
+
* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
- Updated package version number
diff --git a/specs/pki-tps.spec b/specs/pki-tps.spec
index f3bff7ae7..c75711d38 100644
--- a/specs/pki-tps.spec
+++ b/specs/pki-tps.spec
@@ -7,7 +7,7 @@
Name: pki-tps
Version: 10.0.0
-Release: %{?relprefix}1%{?prerel}%{?dist}
+Release: %{?relprefix}2%{?prerel}%{?dist}
Summary: Certificate System - Token Processing System
URL: http://pki.fedoraproject.org/
License: LGPLv2
@@ -15,6 +15,11 @@ Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+# specify '_unitdir' macro for platforms that don't use 'systemd'
+%if 0%{?rhel} || 0%{?fedora} < 16
+%define _unitdir /lib/systemd/system
+%endif
+
BuildRequires: cmake
BuildRequires: apr-devel
BuildRequires: apr-util-devel
@@ -37,16 +42,16 @@ Requires: pki-native-tools
Requires: pki-selinux
Requires: pki-setup
Requires: pki-tps-theme >= 9.0.0
+
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
-%if 0%{?fedora} >= 15
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
Requires: initscripts
%endif
@@ -131,7 +136,8 @@ chmod +x %{__perl_requires}
%build
%{__mkdir_p} build
cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TPS:BOOL=ON ..
+%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TPS:BOOL=ON .. \
+ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir}
%{__make} VERBOSE=1 %{?_smp_mflags}
@@ -172,7 +178,15 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfil
echo "D /var/run/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf
%endif
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-tpsd
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tpsd.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
+
+%if 0%{?rhel} || 0%{?fedora} < 16
%post
/sbin/ldconfig
# This adds the proper /etc/rc*.d links for the script
@@ -191,11 +205,54 @@ if [ "$1" -ge "1" ] ; then
/sbin/service pki-tpsd condrestart >/dev/null 2>&1 || :
fi
+%else
+%post
+# Attempt to update ALL old "TPS" instances to "systemd"
+if [ -d /etc/sysconfig/pki/tps ]; then
+ for inst in `ls /etc/sysconfig/pki/tps`; do
+ if [ ! -e "/etc/systemd/system/pki-tpsd.target.wants/pki-tpsd@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-tpsd@.service" \
+ "/etc/systemd/system/pki-tpsd.target.wants/pki-tpsd@${inst}.service"
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-tpsd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-tpsd@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-tpsd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ fi
+ done
+fi
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+%preun
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-tpsd.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-tpsd.target > /dev/null 2>&1 || :
+fi
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-tpsd.target >/dev/null 2>&1 || :
+fi
+%endif
%files
%defattr(-,root,root,-)
%doc base/tps/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-tpsd.target.wants
+%{_unitdir}/pki-tpsd@.service
+%{_unitdir}/pki-tpsd.target
+%else
%{_initrddir}/pki-tpsd
+%endif
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/tps-%{_arch}.conf
%{_bindir}/tpsclient
%{_libdir}/httpd/modules/*
@@ -222,6 +279,10 @@ fi
%changelog
+* Mon Aug 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.2.a1
+- Added systemd scripts
+- Ported config files and init scripts to apache 2.4
+
* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
- Updated package version number