author | jdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-19 21:02:21 +0000 |
---|---|---|
committer | jdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-19 21:02:21 +0000 |
commit | 1ce12b22e224af364d62c12b690a59b5cd10851b (patch) | |
tree | 8e27be6f33e63f05acfde3fbcf4c317ed2ea2233 /pki | |
parent | 7ff1a2d86491e3ae8bc653e2ab2cc261d10fda36 (diff) | |
Fix issues discovered during testing

During testing with Ade several issues were discovered which needed
fixing, these included:

Remove connectionTimeout on JSS connectors in the server.xml files due
to JSS bug. We will reenable the timeouts when JSS is fixed.

pki_apache_initscript had chmod & chown wrapped in an echo command
which prevented them from executing, an artifact inadvertently left in
the file during a debug session. The role parameter to runcon which
had been added to facilitate test/debug was removed.

The logfile variables shared between pkicommon, pkicreate and
pkiremove were awkward and resulted in warnings about the use of
uninitialized variables in some circumstances. Some functions were
tweaked and some variables removed to enforce better data hiding and
eliminate the warnings with respect to the logfile.

If the pkicreate script aborted before it completed it would fail to
write the installation manifest which made it impossible to remove the
partial installation via pkiremove. A handler was added so it would run
if Perl executed a "die" (e.g. aborted). The handler writes the
manifest before final exit. The subroutine used to write the manifest
was bullet proofed to avoid referencing uninitialized variables in the
case of non-normal exit.

The copy_directory() subroutine failed to preserve symbolic links in
the source, instead it traversed the source link and copied the target
of the link. copy_directory() and its support routines were enhanced
to preserve symbolic links. A new subroutine copy_symlink() was added.

pkicreate failed to create a symbolic link to the symkey.jar file, it
now creates the link to symkey.jar.

The passwords written into the two password files were not terminated
with a newline character, now they are.

pkiremove would enter an infinite loop if the -force option was
specified, this is now fixed.

The tomcat6.conf file had been inadvertently omitted from the tks
subsystem.

References to the deprecated apachectl file were expunged.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1577 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

Diffstat (limited to 'pki')
-rw-r--r-- | pki/base/ca/shared/conf/server.xml | 6 | ||||
-rwxr-xr-x | pki/base/common/scripts/pki_apache_initscript | 14 | ||||
-rw-r--r-- | pki/base/kra/shared/conf/server.xml | 4 | ||||
-rw-r--r-- | pki/base/ocsp/shared/conf/server.xml | 4 | ||||
-rwxr-xr-x | pki/base/setup/pkicommon | 163 | ||||
-rwxr-xr-x | pki/base/setup/pkicreate | 89 | ||||
-rwxr-xr-x | pki/base/setup/pkiremove | 12 | ||||
-rw-r--r-- | pki/base/tks/shared/conf/server.xml | 4 | ||||
-rw-r--r-- | pki/base/tks/shared/conf/tomcat6.conf | 55 | ||||
-rw-r--r-- | pki/base/tps/CMakeLists.txt | 2 | ||||
-rw-r--r-- | pki/base/tps/Makefile.am | 2 | ||||
-rw-r--r-- | pki/base/tps/Makefile.in | 1 | ||||
-rw-r--r-- | pki/dogtag/tps/pki-tps.spec | 1 |
13 files changed, 273 insertions, 84 deletions
diff --git a/pki/base/ca/shared/conf/server.xml b/pki/base/ca/shared/conf/server.xml index 83eaf775e..07f4a4060 100644 --- a/pki/base/ca/shared/conf/server.xml +++ b/pki/base/ca/shared/conf/server.xml @@ -120,7 +120,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" - enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" + enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" @@ -162,7 +162,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" - enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" + enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" clientAuth="false" sslOptions="[TOMCAT_SSL_OPTIONS]" @@ -179,7 +179,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <Connector name="[PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_CLIENT_AUTH_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" - enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" + enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" clientAuth="true" sslOptions="[TOMCAT_SSL_OPTIONS]" 
diff --git a/pki/base/common/scripts/pki_apache_initscript b/pki/base/common/scripts/pki_apache_initscript index 3e886a6d6..e51231065 100755 --- a/pki/base/common/scripts/pki_apache_initscript +++ b/pki/base/common/scripts/pki_apache_initscript @@ -1,7 +1,5 @@ #!/bin/bash -# FIXME: needed to add -r system_r to runcon, not sure why or if it's right - command="$1" # Source function library. @@ -76,13 +74,13 @@ start() rv=$? if [ ${rv} = 0 ] ; then if [ ${ARCHITECTURE} = "i386" ] ; then - LANG=${PKI_HTTPD_LANG} daemon runcon -r system_r -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} rv=$? # overwrite output from "daemon" echo -n $"Starting ${prog}: " elif [ ${ARCHITECTURE} = "x86_64" ] ; then # NOTE: "daemon" is incompatible with "httpd" on 64-bit architectures - LANG=${PKI_HTTPD_LANG} runcon -r system_r -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} + LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS} rv=$? fi else @@ -114,15 +112,15 @@ start() # Set permissions of log files for file in ${pki_logs_directory}/*; do if [ `basename $file` != "signedAudit" ]; then - echo "chown ${PKI_USER}:${PKI_GROUP} ${file}" - echo "chmod 00640 ${file}" + chown ${PKI_USER}:${PKI_GROUP} ${file} + chmod 00640 ${file} fi done if [ -d ${pki_logs_directory}/signedAudit ]; then for file in ${pki_logs_directory}/signedAudit/*; do - echo "chown ${PKI_USER} ${file}" - echo "chmod 00640 ${file}" + chown ${PKI_USER} ${file} + chmod 00640 ${file} done fi diff --git a/pki/base/kra/shared/conf/server.xml b/pki/base/kra/shared/conf/server.xml index e26d09dc3..856c2c2a5 100644 --- a/pki/base/kra/shared/conf/server.xml +++ b/pki/base/kra/shared/conf/server.xml 
@@ -119,7 +119,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" - enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" + enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" @@ -161,7 +161,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" - enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" + enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" clientAuth="false" sslOptions="[TOMCAT_SSL_OPTIONS]" diff --git a/pki/base/ocsp/shared/conf/server.xml b/pki/base/ocsp/shared/conf/server.xml index e26d09dc3..856c2c2a5 100644 --- a/pki/base/ocsp/shared/conf/server.xml +++ b/pki/base/ocsp/shared/conf/server.xml @@ -119,7 +119,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" - enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" + enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" 
@@ -161,7 +161,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" - enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" + enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" clientAuth="false" sslOptions="[TOMCAT_SSL_OPTIONS]" diff --git a/pki/base/setup/pkicommon b/pki/base/setup/pkicommon index d408459f3..b8aa95939 100755 --- a/pki/base/setup/pkicommon +++ b/pki/base/setup/pkicommon @@ -26,7 +26,7 @@ use warnings; use Exporter; our @ISA = qw(Exporter); our @EXPORT = qw( - $lib_prefix $obj_ext $path_sep $tmp_dir $logfile + $lib_prefix $obj_ext $path_sep $tmp_dir $pki_flavor $pki_registry_path $verbose $dry_run $hostname $default_hardware_platform $default_system_binaries $default_lockdir $default_system_libraries $default_system_user_binaries @@ -60,7 +60,7 @@ our @EXPORT = qw( certutil_create_databases certutil_delete_cert certutil_generate_CSR certutil_generate_self_signed_cert certutil_import_cert certutil_print_cert certutil_list_certs modutil_add_token - open_logfile print_to_logfile close_logfile + open_logfile get_logfile_path close_logfile prompt printFile emit is_path_valid is_name_valid entity_type entity_exists file_exists is_file_empty create_empty_file create_file copy_file remove_file @@ -144,9 +144,6 @@ our $obj_ext = undef; our $path_sep = undef; our $tmp_dir = undef; -# "logging" parameters -our $logfile = undef; - # Whether or not to do verbose mode our $verbose = 0; @@ -287,7 +284,9 @@ our $TPS_INITSCRIPT = "pki-tpsd"; my $fqdn = undef; # "logging" parameters -my $logfd = new FileHandle; +my $logfd = undef; +my $logfile_path = undef; + ############################################################## 
@@ -627,14 +626,43 @@ sub read_install_info_from_dir # Give an install info hash table writes it formated as a # "Installation Manifest" into specified directory under # the name $install_info_basename +# +# Returns pathname of manifest if successful, undef otherwise. sub write_install_info_to_dir { my ($dir, $install_info) = @_; my ($path, $formatted); + if (! defined($dir)) { + emit("Cannot write installation manifest, directory unspecified", "error"); + return undef; + } + + if (! defined($install_info_basename)) { + emit("Cannot write installation manifest, file basename unspecified", "error"); + return undef; + } + + if (! -e $dir) { + emit("Cannot write installation manifest, directory ($dir) does not exist", "error"); + return undef; + } + + if (! -d $dir) { + emit("Cannot write installation manifest, directory ($dir) is not a directory", "error"); + return undef; + } + + if (! -w $dir) { + emit("Cannot write installation manifest, directory ($dir) is not writable", "error"); + return undef; + } + $path = "${dir}/${install_info_basename}"; $formatted = format_install_info($install_info); write_file($path, \$formatted); + + return $path; } # Given an Installation Manifest (e.g. install_info) remove the items in 
@@ -1923,40 +1951,45 @@ sub modutil_add_token # Generic "logging" Subroutines ############################################################## -# no return value +# Return 1 if success, 0 if failure sub open_logfile { - my ($logfile_name) = @_; + my ($path, $permissions, $owner, $group) = @_; - $logfd->open(">$logfile_name") or - die "Could not open $logfile_name\n"; - - return; -} + + $logfd = FileHandle->new("> $path"); + if (defined($logfd)) { + $logfile_path = $path; + } else { + return 0; + } -# no return value -sub print_to_logfile -{ - my ($logfile_name, $message) = @_; + if (defined($permissions)) { + return 0 if !set_permissions($logfile_path, $permissions); + } - if (defined($logfile_name)) { - $logfd->print($message); + if (defined($owner) && defined($group)) { + return 0 if !set_owner_group($logfile_path, $owner, $group); } - return; + return 1; } +# no return value +sub get_logfile_path +{ + return $logfile_path; +} # no return value sub close_logfile { - my ($logfile_name) = @_; - - if ($logfile_name ne "") { + if (defined($logfd)) { $logfd->close(); } + $logfd = undef; return; } @@ -2033,8 +2066,10 @@ sub emit # If a log file exists, write all types # ("debug", "error", "info", or "log") # to this specified log file - $log_entry = "[$stamp] [$type] $string\n"; - print_to_logfile($logfile, $log_entry); + if (defined($logfd)) { + $log_entry = "[$stamp] [$type] $string\n"; + $logfd->print($log_entry); + } return; } @@ -2544,10 +2579,12 @@ sub walk_dir { next if $basename eq '..'; $$prune = 0; - if (-d "${dir}/${basename}") { # yes it is a directory + my $path = "${dir}/${basename}"; + if ((-d $path) && + ((! $opts->{'preserve_links'}) || (! -l $path))) { # yes it is a directory &$callback($dir, $basename, 1, $prune, $opts); if (!$$prune) { - walk_dir("${dir}/${basename}", $callback, $prune, $opts); + walk_dir($path, $callback, $prune, $opts); } } else { # not a directory 
@@ -2569,6 +2606,9 @@ sub walk_dir { # recursive (default = true) # If true then recusively descend into each directory, # otherwise just examine the starting directory +# preserve_links (default = true) +# If true symbolic links are preserved. +# If false symbolic links are traversed. # include_dirs (default = false) # If true include directories in the returned array, # otherwise directories are omitted. @@ -2611,13 +2651,14 @@ sub walk_dir { sub get_directory_files { my ($dir, $opts) = @_; - my ($strip_dir, $mark_dir, $recursive, $include_dirs, $include_files); + my ($strip_dir, $mark_dir, $recursive, $preserve_links, $include_dirs, $include_files); my ($dir_includes, $dir_excludes, $file_includes, $file_excludes); my ($files, $prune, $pat); $strip_dir = $opts->{'strip_dir'} // 0; $mark_dir = $opts->{'mark_dir'} // 0; $recursive = $opts->{'recursive'} // 1; + $preserve_links = $opts->{'preserve_links'} // 1; $include_dirs = $opts->{'include_dirs'} // 0; $include_files = $opts->{'include_files'} // 1; $dir_includes = $opts->{'dir_includes'} // undef; @@ -2632,6 +2673,7 @@ sub get_directory_files {'file_list' => $files, 'mark_dir' => $mark_dir, 'recursive' => $recursive, + 'preserve_links' => $preserve_links, 'include_dirs' => $include_dirs, 'include_files' => $include_files, 'dir_includes' => $dir_includes, 
@@ -2840,9 +2882,20 @@ sub copy_directory for $path (@$files) { $src_path = "${src_dir_path}/${path}"; $dst_path = "${dst_dir_path}/${path}"; - if (!copy_file($src_path, $dst_path, - $file_permissions, $owner, $group, $uninstall_action)) { - $result = 0; + + # Emulate cp's behavior with respect to symbolic links, + # symbolic links are NOT followed when copying recursively. + # During recursive copies symbolic links are recreated. + if (-l $src_path) { # src is a symbolic link + if (!copy_symlink($src_path, $dst_path, + $owner, $group, $uninstall_action)) { + $result = 0; + } + } else { # src is not a symbolic link + if (!copy_file($src_path, $dst_path, + $file_permissions, $owner, $group, $uninstall_action)) { + $result = 0; + } } } @@ -3028,6 +3081,54 @@ sub create_symlink return 1; } +# Return 1 if success, 0 if failure +sub copy_symlink +{ + my ($src_path, $dst_path, $owner, $group, $uninstall_action) = @_; + my ($target); + + $uninstall_action = 'remove' unless defined($uninstall_action); + + emit(sprintf("copy_symlink(%s)\n", join(", ", @_)), "debug"); + + add_install_info($dst_path, 'symlink', $uninstall_action); + + if (!is_path_valid($src_path)) { + emit("copy_symlink(): illegal src path => \"$src_path\".\n", + "error"); + remove_install_info($dst_path); + return 0; + } + + if (!is_path_valid($dst_path)) { + emit("copy_symlink(): illegal dst path => \"$dst_path\".\n", + "error"); + remove_install_info($dst_path); + return 0; + } + + if (! -l $src_path) { + emit("copy_symlink(): $src_path is not a symbolic link\n"); + return 0; + } + + return 1 if $dry_run; + + $target = readlink($src_path); + + if (!symlink($target, $dst_path)) { + emit("could not symbolically link $target dst_path", "error"); + remove_install_info($dst_path); + return 0; + } + + if (defined($owner) && defined($group)) { + return 0 if !set_owner_group_on_symlink($dst_path, $owner, $group); + } + + return 1; +} + # Return 1 if success, 0 if failure sub remove_symlink 
diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate index f8ba09f89..d4336e509 100755 --- a/pki/base/setup/pkicreate +++ b/pki/base/setup/pkicreate @@ -203,6 +203,7 @@ my $noise_base_name = "noise"; # CA, KRA, OCSP, T my $nss_conf_base_name = "nss.conf"; # RA, TPS my $perl_conf_base_name = "perl.conf"; # RA, TPS my $osutil_jar_base_name = "osutil.jar"; # CA, KRA, OCSP, TKS +my $symkey_jar_base_name = "symkey.jar"; # CA, KRA, OCSP, TKS my $password_conf_base_name = "password.conf"; # CA, KRA, OCSP, TKS, # RA, TPS my $pfile_base_name = "pfile"; # CA, KRA, OCSP, TKS, @@ -494,6 +495,8 @@ my $perl_conf_instance_file_path = undef; # RA, TPS my $perl_conf_subsystem_file_path = undef; # RA, TPS my $osutil_jar_file_path = undef; # CA, KRA, OCSP, TKS my $osutil_jar_symlink_path = undef; # CA, KRA, OCSP, TKS +my $symkey_jar_file_path = undef; # CA, KRA, OCSP, TKS +my $symkey_jar_symlink_path = undef; # CA, KRA, OCSP, TKS my $password_conf_instance_file_path = undef; # CA, KRA, OCSP, TKS, RA, TPS my $perl_instance_symlink_path = undef; # RA, TPS my $perl_subsystem_path = undef; # RA, TPS @@ -1021,14 +1024,18 @@ sub parse_arguments return 0; } - # capture installation information in a log file - # (always overwrite this file) - $logfile = "/var/log/$pki_instance_name-install.log"; - open_logfile($logfile); - set_permissions($logfile, $default_file_permissions); + # Capture installation information in a log file, always overwrite this file. + # When creating an instance it's a fatal error if the logfile + # cannot be created. + my $logfile = "/var/log/${pki_instance_name}-install.log"; + if (!open_logfile($logfile, $default_file_permissions)) { + emit("can not create logfile ($logfile)", "error"); + return 0; + } + add_install_info($logfile, 'file', 'preserve'); - print(STDOUT "Capturing installation information in $logfile.\n"); + printf(STDOUT "Capturing installation information in %s\n", $logfile); emit("Parsing PKI creation arguments ...\n"); 
@@ -1715,6 +1722,10 @@ sub initialize_subdirectory_paths . "/" . $osutil_jar_base_name; $osutil_jar_symlink_path = $webinf_lib_instance_path . "/" . $osutil_jar_base_name; + $symkey_jar_file_path = $default_system_jni_java_path + . "/" . $symkey_jar_base_name; + $symkey_jar_symlink_path = $webinf_lib_instance_path + . "/" . $symkey_jar_base_name; $server_xml_subsystem_file_path = $conf_subsystem_path . "/" . $server_xml_base_name; $servercertnick_conf_subsystem_file_path = $conf_subsystem_path @@ -2585,14 +2596,14 @@ sub process_pki_files_and_symlinks # create a filled in empty "password.conf" # password file for this instance return 0 if !create_file($password_conf_instance_file_path, - "${default_security_token}:$db_password", + "${default_security_token}:${db_password}\n", $default_file_permissions, $pki_user, $pki_group); # create a filled in empty temporary "pfile" # password file for this instance return 0 if !create_file($pfile_instance_file_path, - $db_password, + "${db_password}\n", $default_file_permissions, $pki_user, $pki_group); ## Populate instances (RA, TPS instances) @@ -2673,6 +2684,10 @@ sub process_pki_files_and_symlinks return 0 if !create_symlink($osutil_jar_symlink_path, $osutil_jar_file_path, $pki_user, $pki_group); + # create instance symlink to "symkey.jar" + return 0 if !create_symlink($symkey_jar_symlink_path, $symkey_jar_file_path, + $pki_user, $pki_group); + # create symlink to "tomcatjss.jar" return 0 if !create_symlink($tomcatjss_jar_symlink_path, $tomcatjss_jar_file_path, $pki_user, $pki_group); 
@@ -3033,6 +3048,40 @@ sub cleanup return $result; } +# Return 1 if success, 0 if failure +sub write_install_info +{ + if ($dry_run) { + return 1; + } else { + if (!defined($pki_instance_path)) { + return 0; + } + my $install_info_file_path = write_install_info_to_dir($pki_instance_path, + \%installation_info); + if (defined($install_info_file_path)) { + emit(sprintf("Installation manifest: %s", $install_info_file_path)); + return 1; + } else { + return 0; + } + } +} + +############################################################## +# Signal Handlers +############################################################## + +sub die_handler +{ + my ($msg) = @_; + + # If we abort write the installation manifest + # so cleanup can still be performed later. + write_install_info(); +} + +$SIG{'__DIE__'} = \&die_handler; ############################################################## # Main Program @@ -3062,8 +3111,7 @@ sub main $parse_result = parse_arguments(); if (!$parse_result || $parse_result == -1) { - # If it exists, close the log file - close_logfile($logfile); + close_logfile(); exit 255; } 
@@ -3087,27 +3135,21 @@ ASK_AGAIN: goto ASK_AGAIN; } - # If it exists, close the log file - close_logfile($logfile); + close_logfile(); exit 255; } print(STDOUT "\n"); - print(STDOUT - "PKI instance creation completed ...\n\n"); + print(STDOUT "PKI instance creation completed ...\n\n"); + # Write the installation manifest. + write_install_info(); - my $install_info_file_path = "${pki_instance_path}/${install_info_basename}"; my $install_description = get_install_description(); - if (!$dry_run) { - write_install_info_to_dir($pki_instance_path, \%installation_info); - } - - emit(sprintf("The following was performed (recorded in \"%s\")\n%s\n", - $install_info_file_path, $install_description)); + emit(sprintf("The following was performed:\n%s\n", $install_description)); - print(STDOUT "Installation information recorded in $logfile.\n"); + printf(STDOUT "Installation information recorded in %s.\n", get_logfile_path()); $pki_registry_initscript_command = "/sbin/service $pki_registry_initscript restart $pki_instance_name"; @@ -3173,8 +3215,7 @@ ASK_AGAIN: "log"); } - # If it exists, close the log file - close_logfile($logfile); + close_logfile(); return; } diff --git a/pki/base/setup/pkiremove b/pki/base/setup/pkiremove index bf347e28c..817ded174 100755 --- a/pki/base/setup/pkiremove +++ b/pki/base/setup/pkiremove @@ -431,7 +431,7 @@ sub remove_selinux_ports sub remove_instance { my ($result, $confirm, $install_info); - + $confirm = "Y"; $result = 1; print(STDOUT "PKI instance Deletion Utility cleaning up instance ...\n\n"); 
@@ -570,11 +570,11 @@ sub main exit 255; } - # capture installation information in a log file - # (always overwrite this file) - $logfile = "/var/log/${pki_instance_name}-uninstall.log"; - open_logfile($logfile); - set_permissions($logfile, $default_file_permissions); + # Capture uninstall information in a log file, always overwrite this file. + # When removing an instance it's never a fatal error if the logfile + # cannot be created. + my $logfile = "/var/log/${pki_instance_name}-uninstall.log"; + open_logfile($logfile, $default_file_permissions); emit("Capturing installation information in $logfile.\n"); diff --git a/pki/base/tks/shared/conf/server.xml b/pki/base/tks/shared/conf/server.xml index e26d09dc3..856c2c2a5 100644 --- a/pki/base/tks/shared/conf/server.xml +++ b/pki/base/tks/shared/conf/server.xml @@ -119,7 +119,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" - enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" + enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" @@ -161,7 +161,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" - enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" + enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" clientAuth="false" sslOptions="[TOMCAT_SSL_OPTIONS]" 
diff --git a/pki/base/tks/shared/conf/tomcat6.conf b/pki/base/tks/shared/conf/tomcat6.conf new file mode 100644 index 000000000..31385567d --- /dev/null +++ b/pki/base/tks/shared/conf/tomcat6.conf 
@@ -0,0 +1,55 @@ +# Service-specific configuration file for tomcat6. This will be sourced by +# the SysV init script after the global configuration file +# /etc/tomcat6/tomcat6.conf, thus allowing values to be overridden in +# a per-service manner. +# +# NEVER change the init script itself. To change values for all services make +# your changes in /etc/tomcat6/tomcat6.conf +# +# To change values for a specific service make your edits here. +# To create a new service create a link from /etc/init.d/<your new service> to +# /etc/init.d/tomcat6 (do not copy the init script) and make a copy of the +# /etc/sysconfig/tomcat6 file to /etc/sysconfig/<your new service> and change +# the property values so the two services won't conflict. Register the new +# service in the system as usual (see chkconfig and similars). +# + +# Where your java installation lives +#JAVA_HOME="/usr/lib/jvm/java" + +# Where your tomcat installation lives +CATALINA_BASE="[PKI_INSTANCE_PATH]" +#CATALINA_HOME="/usr/share/tomcat6" +#JASPER_HOME="/usr/share/tomcat6" +#CATALINA_TMPDIR="/var/cache/tomcat6/temp" + +# You can pass some parameters to java here if you wish to +#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3" + +# Use JAVA_OPTS to set java.library.path for libtcnative.so +#JAVA_OPTS="-Djava.library.path=/usr/lib64" + +# What user should run tomcat +TOMCAT_USER="[PKI_USER]" + +# You can change your tomcat locale here +#LANG="en_US" + +# Run tomcat under the Java Security Manager +#SECURITY_MANAGER="false" + +# Time to wait in seconds, before killing process +#SHUTDOWN_WAIT="30" + +# Whether to annoy the user with "attempting to shut down" messages or not +#SHUTDOWN_VERBOSE="false" + +# Set the TOMCAT_PID location +CATALINA_PID="[TOMCAT_PIDFILE]" + +# Connector port is 8080 for this tomcat6 instance +#CONNECTOR_PORT="8080" + +# If you wish to further customize your tomcat environment, +# put your own definitions here +# (i.e. LD_LIBRARY_PATH for some jdbc drivers) 
diff --git a/pki/base/tps/CMakeLists.txt b/pki/base/tps/CMakeLists.txt index b97cccf56..04859aaa3 100644 --- a/pki/base/tps/CMakeLists.txt +++ b/pki/base/tps/CMakeLists.txt @@ -20,8 +20,6 @@ install( ) install( - FILES - apache/apachectl DESTINATION ${LIB_INSTALL_DIR}/${APPLICATION_NAME}/${PROJECT_NAME} PERMISSIONS diff --git a/pki/base/tps/Makefile.am b/pki/base/tps/Makefile.am index a98fd8971..9bb9d7665 100644 --- a/pki/base/tps/Makefile.am +++ b/pki/base/tps/Makefile.am @@ -188,8 +188,6 @@ initd_SCRIPTS = $(srcdir)/etc/init.d/pki-tpsd license_DATA = $(srcdir)/LICENSE -libexec_SCRIPTS = $(srcdir)/apache/apachectl - # create an empty 'logs' directory logs_DATA = diff --git a/pki/base/tps/Makefile.in b/pki/base/tps/Makefile.in index 090edfeee..2b692972c 100644 --- a/pki/base/tps/Makefile.in +++ b/pki/base/tps/Makefile.in @@ -671,7 +671,6 @@ docroot_tps_img_DATA = docroot_tps_js_DATA = initd_SCRIPTS = $(srcdir)/etc/init.d/pki-tpsd license_DATA = $(srcdir)/LICENSE -libexec_SCRIPTS = $(srcdir)/apache/apachectl # create an empty 'logs' directory logs_DATA = diff --git a/pki/dogtag/tps/pki-tps.spec b/pki/dogtag/tps/pki-tps.spec index ad07ed68e..900e1b6c4 100644 --- a/pki/dogtag/tps/pki-tps.spec +++ b/pki/dogtag/tps/pki-tps.spec @@ -140,7 +140,6 @@ cp -rp %{buildroot}/opt/samples* %{buildroot}%{_datadir}/pki/tps cp -rp %{buildroot}/opt/scripts* %{buildroot}%{_datadir}/pki/tps cp -rp %{buildroot}/opt/setup* %{buildroot}%{_datadir}/pki/tps cp -rp %{buildroot}/opt/templates* %{buildroot}%{_datadir}/pki/tps -cp -p %{buildroot}%{_libexecdir}/apachectl* %{buildroot}%{_libdir}/pki/tps cp -p %{buildroot}%{_libexecdir}/tpsclient* %{buildroot}%{_libdir}/pki/tps # create wrappers |
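Review bot: In the server.xml connectors for ca, kra, ocsp and tks, connectionTimeout="20000" is dropped with nothing left in the files to say this is a temporary workaround for a JSS bug. Add an XML comment beside each affected Connector that names the JSS issue, so the timeout is restored once JSS is fixed. Until then these HTTPS connectors run with whatever timeout the connector falls back to, and with maxThreads="150" a stalled or idle client can hold a thread for longer than before.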
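Review bot: In start() of pki/base/common/scripts/pki_apache_initscript, the chown and chmod calls that are now live use unquoted ${file} and follow symbolic links while looping over ${pki_logs_directory}/* and ${pki_logs_directory}/signedAudit/*. Quote the expansions (chown "${PKI_USER}:${PKI_GROUP}" "${file}", and the argument to basename as well), skip entries for which [ -L "${file}" ] is true so ownership and mode are only changed on real log files, and handle the case where the glob matches nothing, since the literal pattern is then passed to chown and chmod.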
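Review bot: In write_install_info_to_dir() in pkicommon, the result of write_file($path, \$formatted) is not checked, so the function returns $path even when the manifest was not written, which contradicts the new comment "Returns pathname of manifest if successful, undef otherwise". Return undef when write_file fails, otherwise write_install_info() in pkicreate will report "Installation manifest: ..." for a file that does not exist.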
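Review bot: In open_logfile() in pkicommon, a failure in set_permissions() or set_owner_group() returns 0 but leaves $logfd open and $logfile_path set, so emit() keeps writing to a log file whose permissions or ownership were never applied. Close the handle and reset both variables before returning 0. The file is also created before its mode is restricted, and FileHandle->new("> $path") embeds the mode in the path string; FileHandle->new($path, "w") avoids that. The comment "# no return value" above get_logfile_path() is wrong, it returns $logfile_path.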
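Review bot: In walk_dir() in pkicommon, the new test (! $opts->{'preserve_links'}) reads the option without applying the documented default of true, so a caller that passes an options hash without that key gets links traversed rather than preserved. get_directory_files() sets the default before calling, but walk_dir() should apply $opts->{'preserve_links'} // 1 itself, or the comment should state that the key is mandatory for direct callers.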
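Review bot: In the new copy_symlink() in pkicommon, the "is not a symbolic link" branch returns 0 without calling remove_install_info($dst_path) even though add_install_info() has already recorded the destination, and its emit() call has no "error" type, unlike the other failure branches. The symlink failure message "could not symbolically link $target dst_path" is missing the $ on dst_path, so the literal word is logged. The result of readlink($src_path) should also be checked for undef before it is passed to symlink().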
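Review bot: In pkicreate, $SIG{'__DIE__'} = \&die_handler installs a hook that Perl also calls for a die raised inside an eval, so the manifest is written for exceptions that are caught and recovered from, not only on abort. Return early from die_handler() when $^S is true (or undefined during parsing). The handler also discards $msg; pass it to emit() with type "error" so the reason for the abort lands in the install log next to the manifest.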
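Review bot: In main() of pkicreate, the return value of write_install_info() is ignored after "PKI instance creation completed", so a manifest that could not be written is only visible as an error line in the log while the run still reports success. Check the result and tell the user on STDOUT that pkiremove will not be able to clean up this instance. The two close_logfile(); exit 255; paths in main() do not go through the __DIE__ handler, since exit does not trigger it; confirm whether the manifest should be written on those paths too.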
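Review bot: In main() of pkiremove, the result of open_logfile($logfile, $default_file_permissions) is deliberately ignored, but the next line still emits "Capturing installation information in $logfile." even when the file could not be opened. Emit that message only when open_logfile() returned 1 and emit a warning otherwise; the text should also say "uninstall information" to match the new comment above it.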
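Review bot: In pki/base/tps/CMakeLists.txt, removing only the two lines FILES and apache/apachectl leaves an install( call that starts directly with DESTINATION and PERMISSIONS and has no FILES list, which install() cannot accept. Remove the whole install() block for apachectl rather than just its file list, as was done for the libexec_SCRIPTS line in Makefile.am and Makefile.in.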