Merge branch 'master' of git://git.fedorahosted.org/git/pki

7 files changed, 52 insertions, 29 deletions

diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt
index 96d23fefa..10c4d8efd 100644
--- a/base/tps/CMakeLists.txt
+++ b/base/tps/CMakeLists.txt
@@ -43,6 +43,19 @@ add_subdirectory(tools)
 add_subdirectory(doc)
 add_subdirectory(setup)
 
+# install systemd scripts
+install(
+    FILES
+        lib/systemd/system/pki-tpsd.target
+        lib/systemd/system/pki-tpsd@.service
+    DESTINATION
+        ${SYSTEMD_LIB_INSTALL_DIR}
+    PERMISSIONS
+        OWNER_EXECUTE OWNER_WRITE OWNER_READ
+        GROUP_EXECUTE GROUP_READ
+        WORLD_EXECUTE WORLD_READ
+)
+
 # install init script
 install(
     FILES
@@ -206,3 +219,8 @@ install(
         ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot/tps/admin/console/js
 )
 
+install(
+    DIRECTORY
+    DESTINATION
+        ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants
+)
diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf
index 372066afc..a9410849c 100644
--- a/base/tps/apache/conf/httpd.conf
+++ b/base/tps/apache/conf/httpd.conf
@@ -78,7 +78,7 @@ ServerRoot "[SERVER_ROOT]"
 # identification number when it starts.
 #
 <IfModule !mpm_netware.c>
-PidFile run/[PKI_INSTANCE_ID].pid
+PidFile /var/run/pki/tps/[PKI_INSTANCE_ID].pid
 </IfModule>
 
 #
@@ -232,8 +232,13 @@ Listen [PORT]
 # LoadModule foo_module modules/mod_foo.so
 #
 
-# Required modules for command 'Order':
+# MPM worker module is a loadable module as of 2.4
+LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
+
+LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so
 [FORTITUDE_AUTH_MODULES]
+# Module for User and Group
+LoadModule unixd_module /etc/httpd/modules/mod_unixd.so
 # Required module for command 'UserDir':
 LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so
 # Required module for command 'DirectoryIndex':
@@ -398,8 +403,7 @@ DocumentRoot "[SERVER_ROOT]/docroot"
 #
 # Controls who can get stuff from this server.
 #
-    Order allow,deny
-    Allow from all
+    Require all granted
 
 </Directory>
 
@@ -448,8 +452,7 @@ AccessFileName .htaccess
 # viewed by Web clients. 
 #
 <Files ~ "^\.ht">
-    Order allow,deny
-    Deny from all
+    Require all denied
 </Files>
 
 #
@@ -459,17 +462,6 @@ AccessFileName .htaccess
 TypesConfig conf/mime.types
 
 #
-# DefaultType is the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value.  If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-DefaultType text/plain
-
-#
 # The mod_mime_magic module allows the server to use various hints from the
 # contents of the file itself to determine its type.  The MIMEMagicFile
 # directive tells the module where the hint definitions are located.
@@ -596,8 +588,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/"
 <Directory "[SERVER_ROOT]/icons">
     Options Indexes MultiViews
     AllowOverride None
-    Order allow,deny
-    Allow from all
+    Require all granted
 </Directory>
 
 #
@@ -610,8 +601,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1
 <Directory "[SERVER_ROOT]/manual">
     Options Indexes
     AllowOverride None
-    Order allow,deny
-    Allow from all
+    Require all granted
 
     <Files *.html>
         SetHandler type-map
@@ -646,8 +636,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/"
 <Directory "[SERVER_ROOT]/cgi-bin">
     AllowOverride None
     Options ExecCGI
-    Order allow,deny
-    Allow from all
+    Require all granted
 </Directory>
 
 #
diff --git a/base/tps/apache/conf/perl.conf b/base/tps/apache/conf/perl.conf
index feb51e860..a1a98c6a0 100644
--- a/base/tps/apache/conf/perl.conf
+++ b/base/tps/apache/conf/perl.conf
@@ -58,13 +58,11 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT]
 <Location /tps/admin/console/config/wizard>
    SetHandler perl-script
    PerlHandler PKI::TPS::Wizard
-   Order deny,allow
-   Allow from all
+   Require all granted
 </Location>
 
 <Location /tps/admin/console/config/login>
    SetHandler perl-script
    PerlHandler PKI::TPS::Login
-   Order deny,allow
-   Allow from all
+   Require all granted
 </Location>
diff --git a/base/tps/lib/systemd/system/pki-tpsd.target b/base/tps/lib/systemd/system/pki-tpsd.target
new file mode 100644
index 000000000..37c693b08
--- /dev/null
+++ b/base/tps/lib/systemd/system/pki-tpsd.target
@@ -0,0 +1,6 @@
+[Unit]
+Description=PKI Token Processing Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/tps/lib/systemd/system/pki-tpsd@.service b/base/tps/lib/systemd/system/pki-tpsd@.service
new file mode 100644
index 000000000..6a0d6a343
--- /dev/null
+++ b/base/tps/lib/systemd/system/pki-tpsd@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=PKI Token Processing Server %i
+After=pki-tpsd.target
+BindTo=pki-tpsd.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start tps %i
+ExecStop=/usr/bin/pkicontrol stop tps %i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/tps/setup/pkidaemon_registry b/base/tps/setup/pkidaemon_registry
index 6c13a4955..b74c84317 100644
--- a/base/tps/setup/pkidaemon_registry
+++ b/base/tps/setup/pkidaemon_registry
@@ -62,7 +62,7 @@ export RESTART_SERVER
 # available, but does not work with some modules (such as PHP).
 # The service must be stopped before changing this variable.
 #
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
 export PKI_HTTPD
 
 #
diff --git a/base/tps/setup/registry_instance b/base/tps/setup/registry_instance
index a77b75f4f..cb907eb61 100644
--- a/base/tps/setup/registry_instance
+++ b/base/tps/setup/registry_instance
@@ -59,7 +59,7 @@ export RESTART_SERVER
 # available, but does not work with some modules (such as PHP).
 # The service must be stopped before changing this variable.
 #
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
 export PKI_HTTPD
 
 #