summaryrefslogtreecommitdiffstats
path: root/pki
diff options
context:
space:
mode:
authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-09-09 20:42:46 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-09-09 20:42:46 +0000
commit78a301689d984401ad7098049ddb2f6e5504d957 (patch)
treea5d9b21416785e6558300001a3c8dafece76c8a3 /pki
parent4ee4f5ae0e627ab89499844f95f0bc4b8cd4cd2e (diff)
downloadpki-78a301689d984401ad7098049ddb2f6e5504d957.tar.gz
pki-78a301689d984401ad7098049ddb2f6e5504d957.tar.xz
pki-78a301689d984401ad7098049ddb2f6e5504d957.zip
Bugzilla BZ# 699809 - Convert certificate system to use systemd
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2196 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rw-r--r--pki/CMakeLists.txt8
-rw-r--r--pki/base/ca/CMakeLists.txt26
-rw-r--r--pki/base/ca/shared/conf/CS.cfg.in1
-rw-r--r--pki/base/ca/shared/lib/systemd/system/pki-cad.target8
-rw-r--r--pki/base/ca/shared/lib/systemd/system/pki-cad@.service13
-rw-r--r--pki/base/common/CMakeLists.txt12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java11
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java11
-rw-r--r--pki/base/kra/CMakeLists.txt22
-rw-r--r--pki/base/kra/shared/conf/CS.cfg.in1
-rw-r--r--pki/base/kra/shared/lib/systemd/system/pki-krad.target8
-rw-r--r--pki/base/kra/shared/lib/systemd/system/pki-krad@.service13
-rw-r--r--pki/base/ocsp/CMakeLists.txt21
-rw-r--r--pki/base/ocsp/shared/conf/CS.cfg.in1
-rw-r--r--pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target8
-rw-r--r--pki/base/ocsp/shared/lib/systemd/system/pki-ocspd@.service13
-rw-r--r--pki/base/setup/CMakeLists.txt3
-rwxr-xr-xpki/base/setup/pkicommon.pm19
-rwxr-xr-xpki/base/setup/pkicreate54
-rwxr-xr-xpki/base/setup/pkiremove45
-rw-r--r--pki/base/setup/scripts/functions (renamed from pki/base/common/scripts/functions)171
-rwxr-xr-xpki/base/setup/scripts/pki_apache_initscript (renamed from pki/base/common/scripts/pki_apache_initscript)0
-rwxr-xr-xpki/base/setup/scripts/pkicontrol73
-rw-r--r--pki/base/tks/CMakeLists.txt21
-rw-r--r--pki/base/tks/shared/conf/CS.cfg.in1
-rw-r--r--pki/base/tks/shared/lib/systemd/system/pki-tksd.target8
-rw-r--r--pki/base/tks/shared/lib/systemd/system/pki-tksd@.service13
-rw-r--r--pki/cmake/Modules/DefineInstallationPaths.cmake9
-rwxr-xr-xpki/scripts/compose_pki_core_packages2
-rwxr-xr-xpki/scripts/compose_pki_kra_packages2
-rwxr-xr-xpki/scripts/compose_pki_ocsp_packages2
-rwxr-xr-xpki/scripts/compose_pki_tks_packages2
-rw-r--r--pki/specs/pki-core.spec63
-rw-r--r--pki/specs/pki-kra.spec45
-rw-r--r--pki/specs/pki-ocsp.spec47
-rw-r--r--pki/specs/pki-tks.spec46
36 files changed, 697 insertions, 106 deletions
diff --git a/pki/CMakeLists.txt b/pki/CMakeLists.txt
index c6665862a..6a25b4023 100644
--- a/pki/CMakeLists.txt
+++ b/pki/CMakeLists.txt
@@ -23,20 +23,20 @@ elseif (BUILD_REDHAT_PKI_THEME)
elseif (BUILD_PKI_CORE)
set(APPLICATION_FLAVOR_PKI_CORE TRUE)
# override APPLICATION VERSION
- set(APPLICATION_VERSION_PATCH "12")
+ set(APPLICATION_VERSION_PATCH "13")
elseif (BUILD_PKI_KRA)
set(APPLICATION_FLAVOR_PKI_KRA TRUE)
# override APPLICATION VERSION
- set(APPLICATION_VERSION_PATCH "5")
+ set(APPLICATION_VERSION_PATCH "6")
elseif (BUILD_PKI_OCSP)
set(APPLICATION_FLAVOR_PKI_OCSP TRUE)
- set(APPLICATION_VERSION_PATCH "4")
+ set(APPLICATION_VERSION_PATCH "5")
elseif (BUILD_PKI_RA)
set(APPLICATION_FLAVOR_PKI_RA TRUE)
set(APPLICATION_VERSION_PATCH "3")
elseif (BUILD_PKI_TKS)
set(APPLICATION_FLAVOR_PKI_TKS TRUE)
- set(APPLICATION_VERSION_PATCH "4")
+ set(APPLICATION_VERSION_PATCH "5")
elseif (BUILD_PKI_TPS)
set(APPLICATION_FLAVOR_PKI_TPS TRUE)
# override APPLICATION VERSION
diff --git a/pki/base/ca/CMakeLists.txt b/pki/base/ca/CMakeLists.txt
index 9ad04dadc..153208c2d 100644
--- a/pki/base/ca/CMakeLists.txt
+++ b/pki/base/ca/CMakeLists.txt
@@ -4,18 +4,30 @@ add_subdirectory(src)
add_subdirectory(setup)
add_subdirectory(shared/conf)
-# install init script
+# install systemd scripts
install(
FILES
- shared/etc/init.d/pki-cad
+ shared/lib/systemd/system/pki-cad.target
+ shared/lib/systemd/system/pki-cad@.service
DESTINATION
- ${SYSCONF_INSTALL_DIR}/rc.d/init.d
+ ${SYSTEMD_LIB_INSTALL_DIR}
PERMISSIONS
OWNER_EXECUTE OWNER_WRITE OWNER_READ
GROUP_EXECUTE GROUP_READ
WORLD_EXECUTE WORLD_READ
)
+# install init script
+install(
+ FILES
+ shared/etc/init.d/pki-cad
+ DESTINATION
+ ${SYSCONF_INSTALL_DIR}/rc.d/init.d
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+)
+
# install directories
install(
DIRECTORY
@@ -28,6 +40,8 @@ install(
"etc/*" EXCLUDE
PATTERN
"conf/CS.cfg.in" EXCLUDE
+ PATTERN
+ "lib/*" EXCLUDE
)
# install empty directories
@@ -42,3 +56,9 @@ install(
DESTINATION
${VAR_INSTALL_DIR}/run/pki/ca
)
+
+install(
+ DIRECTORY
+ DESTINATION
+ ${SYSTEMD_ETC_INSTALL_DIR}/pki-cad.target.wants
+)
diff --git a/pki/base/ca/shared/conf/CS.cfg.in b/pki/base/ca/shared/conf/CS.cfg.in
index e3447bbc8..f08fc2ce2 100644
--- a/pki/base/ca/shared/conf/CS.cfg.in
+++ b/pki/base/ca/shared/conf/CS.cfg.in
@@ -13,6 +13,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.arg11.group=[PKI_GROUP]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
preop.wizard.name=CA Setup Wizard
diff --git a/pki/base/ca/shared/lib/systemd/system/pki-cad.target b/pki/base/ca/shared/lib/systemd/system/pki-cad.target
new file mode 100644
index 000000000..dab661403
--- /dev/null
+++ b/pki/base/ca/shared/lib/systemd/system/pki-cad.target
@@ -0,0 +1,8 @@
+[Unit]
+Description=PKI Certificate Authority Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
+
+
diff --git a/pki/base/ca/shared/lib/systemd/system/pki-cad@.service b/pki/base/ca/shared/lib/systemd/system/pki-cad@.service
new file mode 100644
index 000000000..e205d72fb
--- /dev/null
+++ b/pki/base/ca/shared/lib/systemd/system/pki-cad@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=PKI Certificate Authority Server %i
+After=pki-cad.target
+BindTo=pki-cad.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start ca %i
+ExecStop=/usr/bin/pkicontrol stop ca %i
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/pki/base/common/CMakeLists.txt b/pki/base/common/CMakeLists.txt
index d8fb5d2c1..5a35f6fbc 100644
--- a/pki/base/common/CMakeLists.txt
+++ b/pki/base/common/CMakeLists.txt
@@ -2,18 +2,6 @@ project(common Java)
install(
FILES
- scripts/functions
- scripts/pki_apache_initscript
- DESTINATION
- ${DATA_INSTALL_DIR}/scripts/
- PERMISSIONS
- OWNER_EXECUTE OWNER_WRITE OWNER_READ
- GROUP_EXECUTE GROUP_READ
- WORLD_EXECUTE WORLD_READ
-)
-
-install(
- FILES
setup/CertServer.directory
setup/menu.xml
DESTINATION
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index f21a56de9..fa5840dcd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -180,11 +180,13 @@ public class DonePanel extends WizardPanelBase {
String type = "";
String instanceId = "";
String instanceRoot = "";
+ String systemdService = "";
try {
type = cs.getString("cs.type", "");
instanceId = cs.getString("instanceId");
instanceRoot = cs.getString("instanceRoot");
select = cs.getString("preop.subsystem.select", "");
+ systemdService = cs.getString("pkicreate.systemd.servicename", "");
} catch (Exception e) {}
String initDaemon = "";
@@ -199,8 +201,13 @@ public class DonePanel extends WizardPanelBase {
}
String os = System.getProperty( "os.name" );
if( os.equalsIgnoreCase( "Linux" ) ) {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ if (! systemdService.equals("")) {
+ context.put( "initCommand", "/bin/systemctl");
+ context.put( "instanceId", systemdService );
+ } else {
+ context.put( "initCommand", "/sbin/service " + initDaemon );
+ context.put( "instanceId", instanceId );
+ }
} else {
/* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
context.put( "initCommand", "/etc/init.d/" + initDaemon );
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 6abdd8618..160cc74c3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -99,11 +99,13 @@ public class SecurityDomainPanel extends WizardPanelBase {
String default_admin_url = "";
String name = "";
String cstype = "";
+ String systemdService = "";
try {
default_admin_url = config.getString("preop.securitydomain.admin_url", "");
name = config.getString("preop.securitydomain.name", "");
cstype = config.getString("cs.type", "");
+ systemdService = config.getString("pkicreate.systemd.servicename", "");
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -214,8 +216,13 @@ public class SecurityDomainPanel extends WizardPanelBase {
String instanceId = "&lt;security_domain_instance_name&gt;";
String os = System.getProperty( "os.name" );
if( os.equalsIgnoreCase( "Linux" ) ) {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ if (! systemdService.equals("")) {
+ context.put( "initCommand", "/usr/bin/pkicontrol" );
+ context.put( "instanceId", "ca " + systemdService );
+ } else {
+ context.put( "initCommand", "/sbin/service " + initDaemon );
+ context.put( "instanceId", instanceId );
+ }
} else {
/* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
context.put( "initCommand", "/etc/init.d/" + initDaemon );
diff --git a/pki/base/kra/CMakeLists.txt b/pki/base/kra/CMakeLists.txt
index dc2564c92..0e15b2d52 100644
--- a/pki/base/kra/CMakeLists.txt
+++ b/pki/base/kra/CMakeLists.txt
@@ -4,6 +4,19 @@ add_subdirectory(src)
add_subdirectory(setup)
add_subdirectory(shared/conf)
+# install systemd scripts
+install(
+ FILES
+ shared/lib/systemd/system/pki-krad.target
+ shared/lib/systemd/system/pki-krad@.service
+ DESTINATION
+ ${SYSTEMD_LIB_INSTALL_DIR}
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
# install init script
install(
FILES
@@ -28,6 +41,8 @@ install(
"etc/*" EXCLUDE
PATTERN
"conf/CS.cfg.in" EXCLUDE
+ PATTERN
+ "lib/*" EXCLUDE
)
# install empty directories
@@ -42,3 +57,10 @@ install(
DESTINATION
${VAR_INSTALL_DIR}/run/pki/kra
)
+
+install(
+ DIRECTORY
+ DESTINATION
+ ${SYSTEMD_ETC_INSTALL_DIR}/pki-krad.target.wants
+)
+
diff --git a/pki/base/kra/shared/conf/CS.cfg.in b/pki/base/kra/shared/conf/CS.cfg.in
index 4bf1c738e..fb682d756 100644
--- a/pki/base/kra/shared/conf/CS.cfg.in
+++ b/pki/base/kra/shared/conf/CS.cfg.in
@@ -12,6 +12,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
preop.wizard.name=DRM Setup Wizard
diff --git a/pki/base/kra/shared/lib/systemd/system/pki-krad.target b/pki/base/kra/shared/lib/systemd/system/pki-krad.target
new file mode 100644
index 000000000..b7027fc72
--- /dev/null
+++ b/pki/base/kra/shared/lib/systemd/system/pki-krad.target
@@ -0,0 +1,8 @@
+[Unit]
+Description=PKI Key Recovery Authority Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
+
+
diff --git a/pki/base/kra/shared/lib/systemd/system/pki-krad@.service b/pki/base/kra/shared/lib/systemd/system/pki-krad@.service
new file mode 100644
index 000000000..3c4f177a9
--- /dev/null
+++ b/pki/base/kra/shared/lib/systemd/system/pki-krad@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=PKI Key Recovery Authority Server %i
+After=pki-krad.target
+BindTo=pki-krad.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start kra %i
+ExecStop=/usr/bin/pkicontrol stop kra %i
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/pki/base/ocsp/CMakeLists.txt b/pki/base/ocsp/CMakeLists.txt
index 1a7809074..c8e22ea1e 100644
--- a/pki/base/ocsp/CMakeLists.txt
+++ b/pki/base/ocsp/CMakeLists.txt
@@ -4,6 +4,19 @@ add_subdirectory(src)
add_subdirectory(setup)
add_subdirectory(shared/conf)
+# install systemd scripts
+install(
+ FILES
+ shared/lib/systemd/system/pki-ocspd.target
+ shared/lib/systemd/system/pki-ocspd@.service
+ DESTINATION
+ ${SYSTEMD_LIB_INSTALL_DIR}
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
# install init script
install(
FILES
@@ -28,6 +41,8 @@ install(
"etc/*" EXCLUDE
PATTERN
"CS.cfg.in" EXCLUDE
+ PATTERN
+ "lib/*" EXCLUDE
)
# install empty directories
@@ -42,3 +57,9 @@ install(
DESTINATION
${VAR_INSTALL_DIR}/run/pki/ocsp
)
+
+install(
+ DIRECTORY
+ DESTINATION
+ ${SYSTEMD_ETC_INSTALL_DIR}/pki-ocspd.target.wants
+)
diff --git a/pki/base/ocsp/shared/conf/CS.cfg.in b/pki/base/ocsp/shared/conf/CS.cfg.in
index 4cd234c84..6d46b7905 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg.in
+++ b/pki/base/ocsp/shared/conf/CS.cfg.in
@@ -12,6 +12,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
cs.type=OCSP
diff --git a/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target b/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target
new file mode 100644
index 000000000..5db6bf4df
--- /dev/null
+++ b/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target
@@ -0,0 +1,8 @@
+[Unit]
+Description=PKI Online Certificate Status Protocol Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
+
+
diff --git a/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd@.service b/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd@.service
new file mode 100644
index 000000000..7b4e7855b
--- /dev/null
+++ b/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=PKI Online Certificate Status Protocol Server %i
+After=pki-ocspd.target
+BindTo=pki-ocspd.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start ocsp %i
+ExecStop=/usr/bin/pkicontrol stop ocsp %i
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/pki/base/setup/CMakeLists.txt b/pki/base/setup/CMakeLists.txt
index 6bd791d90..c12758fe4 100644
--- a/pki/base/setup/CMakeLists.txt
+++ b/pki/base/setup/CMakeLists.txt
@@ -4,6 +4,7 @@ install(
FILES
pkicreate
pkiremove
+ scripts/pkicontrol
DESTINATION
${BIN_INSTALL_DIR}
PERMISSIONS
@@ -15,6 +16,8 @@ install(
install(
FILES
pkicommon.pm
+ scripts/functions
+ scripts/pki_apache_initscript
DESTINATION
${DATA_INSTALL_DIR}/scripts/
PERMISSIONS
diff --git a/pki/base/setup/pkicommon.pm b/pki/base/setup/pkicommon.pm
index 0d7be6080..51db599f4 100755
--- a/pki/base/setup/pkicommon.pm
+++ b/pki/base/setup/pkicommon.pm
@@ -49,7 +49,7 @@ our @EXPORT = qw(
parse_install_info parse_old_cleanup read_old_cleanup
read_install_info read_install_info_from_dir write_install_info_to_dir uninstall
is_Windows is_Linux is_Fedora is_RHEL is_RHEL4 setup_platform_dependent_parameters
- set_library_path get_library_path
+ set_library_path get_library_path fedora_release
check_for_root_UID user_disallows_shell
user_exists create_user
group_exists create_group user_is_a_member_of_group add_user_as_a_member_of_group
@@ -802,6 +802,21 @@ sub is_RHEL4 {
return 0;
}
+# no args
+# return release_number
+# return 0 if not found
+sub fedora_release {
+ my $releasefd = new FileHandle;
+ if ($releasefd->open("< /etc/fedora-release")) {
+ while (defined(my $line = <$releasefd>)) {
+ if ($line =~ /Fedora release (\d*)/) {
+ return $1;
+ }
+ }
+ }
+ return 0;
+}
+
# no args
# no return value
@@ -2118,7 +2133,7 @@ sub is_path_valid
foreach $split_path (@pathname) {
chomp($split_path);
- if (!($split_path !~ /^[-_.a-zA-Z0-9\[\]]+$/)) {
+ if (!($split_path !~ /^[-_.a-zA-Z0-9\[\]\@]+$/)) {
$valid = 1;
} else {
$valid = 0;
diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate
index ea3bc2ef3..4524c9f96 100755
--- a/pki/base/setup/pkicreate
+++ b/pki/base/setup/pkicreate
@@ -332,6 +332,7 @@ my $PKI_AJP_REDIRECT_PORT_SLOT = "PKI_AJP_REDIRECT_PORT"
my $PKI_AJP_PORT_SLOT = "PKI_AJP_PORT";
my $PROXY_SECURE_PORT_SLOT = "PKI_PROXY_SECURE_PORT";
my $PROXY_UNSECURE_PORT_SLOT = "PKI_PROXY_UNSECURE_PORT";
+my $PKI_SYSTEMD_SERVICENAME_SLOT = "PKI_SYSTEMD_SERVICENAME";
my $PKI_UNSECURE_PORT_NAME = "Unsecure";
my $PKI_AGENT_SECURE_PORT_NAME = "Agent";
my $PKI_ADMIN_SECURE_PORT_NAME = "Admin";
@@ -577,6 +578,12 @@ my $root_user = undef;
my $root_group = undef;
my $pki_instance_initscript_path = undef;
+#systemd specific variables
+my $use_systemd = 0;
+my $pki_subsystem_systemd_wants_path = undef;
+my $pki_subsystem_systemd_service_path = undef;
+my $pki_instance_systemd_service_name = undef;
+
##############################################################
# Platform-Dependent Data Initialization
@@ -587,8 +594,16 @@ if ($^O eq "linux") {
$setup_config_area = "/usr/share/applications";
$setup_config_name = "config.desktop";
+ if (is_Fedora() && (fedora_release() >= 16)) {
+ $use_systemd = 1;
+ }
+
# Linux init scripts
- $tomcat6_initscript_path = "${default_initscripts_path}/tomcat6";
+ if ($use_systemd) {
+ $tomcat6_initscript_path = "/usr/sbin/tomcat6-sysd";
+ } else {
+ $tomcat6_initscript_path = "${default_initscripts_path}/tomcat6";
+ }
# Tomcat instance config directory
$tomcat6_instance_config_path = "/etc/sysconfig";
@@ -1432,6 +1447,13 @@ sub initialize_subsystem_paths
$pki_registry_subsystem_file_path = $setup_subsystem_path
. "/" . $registry_template_base_name;
+ $pki_registry_initscript = get_registry_initscript_name($subsystem_type);
+
+ ## systemd subsystem variables
+ $pki_subsystem_systemd_wants_path =
+ "/etc/systemd/system/${pki_registry_initscript}.target.wants";
+ $pki_subsystem_systemd_service_path =
+ "/lib/systemd/system/${pki_registry_initscript}\@.service";
## Initialize subsystem directory paths (CA subsystems)
if ($subsystem_type eq $CA) {
@@ -1512,6 +1534,10 @@ sub initialize_instance_paths
. "/" . $pki_instance_name
. ".pid";
+ ## systemd instance service name
+ $pki_instance_systemd_service_name =
+ "${pki_registry_initscript}\@${pki_instance_name}.service";
+
## Initialize instance directory paths (RA, TPS instances)
if ($subsystem_type eq $RA || $subsystem_type eq $TPS) {
if ($subsystem_type eq $TPS) {
@@ -1597,8 +1623,6 @@ sub initialize_subdirectory_paths
$setup_config_subsystem_file_path = $setup_subsystem_path
. "/" . $setup_config_name;
- $pki_registry_initscript = get_registry_initscript_name($subsystem_type);
-
## Initialize subdirectory paths (CA subsystems)
if ($subsystem_type eq $CA) {
$profile_select_template_subsystem_file_path = $ui_subsystem_path
@@ -2401,6 +2425,12 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so
$slot_hash{$PKI_SERVER_XML_CONF} = $server_xml_instance_file_path;
$slot_hash{$PKI_UNSECURE_PORT_SLOT} = $unsecure_port;
+ if ($use_systemd) {
+ $slot_hash{$PKI_SYSTEMD_SERVICENAME_SLOT} = $pki_instance_systemd_service_name;
+ } else {
+ $slot_hash{$PKI_SYSTEMD_SERVICENAME_SLOT} = "";
+ }
+
# Define "Port Separation" (default) versus "Shared Ports" (legacy)
if ($use_port_separation) {
# Establish "Port Separation" Connector Names
@@ -2803,6 +2833,16 @@ sub process_pki_files_and_symlinks
# to find our tomcat6 configuration file in /etc/sysconfig
return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path,
$root_user, $root_group);
+ if ($use_systemd) {
+ return 0 if !create_symlink(
+ "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}",
+ "$pki_subsystem_systemd_service_path",
+ $root_user, $root_group);
+
+ # reload systemd configuration
+ run_command("/bin/systemctl --system daemon-reload");
+
+ }
return 0 if !create_directory($webinf_lib_instance_path,
$default_dir_permissions, $pki_user, $pki_group);
@@ -3353,7 +3393,13 @@ ASK_AGAIN:
printf(STDOUT "Installation information recorded in %s.\n", get_logfile_path());
- $pki_registry_initscript_command = "/sbin/service $pki_registry_initscript restart $pki_instance_name";
+ if ($use_systemd) {
+ $pki_registry_initscript_command =
+ "/bin/systemctl restart $pki_instance_systemd_service_name";
+ } else {
+ $pki_registry_initscript_command =
+ "/sbin/service $pki_registry_initscript restart $pki_instance_name";
+ }
$command = "${pki_registry_initscript_command}";
run_command($command);
diff --git a/pki/base/setup/pkiremove b/pki/base/setup/pkiremove
index 16023d5a7..dd9fbc7f9 100755
--- a/pki/base/setup/pkiremove
+++ b/pki/base/setup/pkiremove
@@ -120,11 +120,18 @@ my $pki_registry_initscript_command = undef;
# PKI registry variables
my $pki_registry_subsystem_path = undef;
+#systemd specific variables
+my $use_systemd = 0;
+my $pki_instance_systemd_service_name = undef;
+
##############################################################
# Platform-Dependent Data Initialization
##############################################################
if ($^O eq "linux") {
+ if (is_Fedora() && (fedora_release() >= 16)) {
+ $use_systemd = 1;
+ }
} else {
emit("Unsupported platform '$^O'!\n", "error");
exit 255;
@@ -484,23 +491,22 @@ ASK_AGAIN:
}
}
- # De-register this instance with "chkconfig"
- if ($^O eq "linux") {
- if (entity_exists("$default_initscripts_path/$pki_instance_name")) {
- # De-register this instance with '/sbin/chkconfig'
- print(STDOUT "Removing '$pki_instance_name' from chkconfig.\n");
- deregister_pki_instance_with_chkconfig($pki_instance_name);
- }
- }
-
$pki_registry_initscript = get_registry_initscript_name($subsystem_type);
# Shutdown this instance
if ($^O eq "linux") {
- if (entity_exists("$default_initscripts_path/$pki_instance_name")) {
- $pki_registry_initscript_command = "/sbin/service $pki_instance_name stop";
+ if ($use_systemd) {
+ $pki_instance_systemd_service_name =
+ "${pki_registry_initscript}\@${pki_instance_name}.service";
+ $pki_registry_initscript_command =
+ "/bin/systemctl stop $pki_instance_systemd_service_name";
} else {
- $pki_registry_initscript_command = "/sbin/service $pki_registry_initscript stop $pki_instance_name";
+ if (entity_exists("$default_initscripts_path/$pki_instance_name")) {
+ $pki_registry_initscript_command = "/sbin/service $pki_instance_name stop";
+ } else {
+ $pki_registry_initscript_command =
+ "/sbin/service $pki_registry_initscript stop $pki_instance_name";
+ }
}
} else {
emit("Unsupported platform '$^O'!\n", "error");
@@ -508,11 +514,26 @@ ASK_AGAIN:
}
run_command($pki_registry_initscript_command);
+ if (!$use_systemd) {
+ # De-register this instance with "chkconfig"
+ if ($^O eq "linux") {
+ if (entity_exists("$default_initscripts_path/$pki_instance_name")) {
+ # De-register this instance with '/sbin/chkconfig'
+ print(STDOUT "Removing '$pki_instance_name' from chkconfig.\n");
+ deregister_pki_instance_with_chkconfig($pki_instance_name);
+ }
+ }
+ }
+
print(STDOUT "\n");
# Remove all installed files and directories.
$result = 0 if !uninstall($install_info);
+ if ($use_systemd) {
+ run_command("/bin/systemctl --system daemon-reload");
+ }
+
print(STDOUT "\n");
return $result;
diff --git a/pki/base/common/scripts/functions b/pki/base/setup/scripts/functions
index 2b8b82bdf..516bf32e2 100644
--- a/pki/base/common/scripts/functions
+++ b/pki/base/setup/scripts/functions
@@ -143,6 +143,24 @@ usage()
echo
}
+usage_systemd()
+{
+ echo -n "Usage: /usr/bin/pkicontrol "
+ echo -n "{start"
+ echo -n "|stop"
+ echo -n "|restart"
+ echo -n "|condrestart"
+ echo -n "|force-restart"
+ echo -n "|try-restart"
+ echo -n "|reload"
+ echo -n "|status} "
+ echo -n "subsytem-type "
+ echo -n "[instance-name]"
+ echo
+ echo
+}
+
+
list_instances()
{
echo
@@ -154,35 +172,68 @@ list_instances()
}
# Check arguments
-if [ $# -lt 1 ] ; then
- # 3 unimplemented feature (for example, "reload")
- # [insufficient arguments]
- echo "$PROG_NAME: Insufficient arguments!"
- echo
- usage
- echo "where valid instance names include:"
- list_instances
- exit 3
-elif [ ${default_error} -eq 2 ] ; then
- # 2 invalid argument
- echo "$PROG_NAME: Invalid arguments!"
- echo
- usage
- echo "where valid instance names include:"
- list_instances
- exit 2
-elif [ $# -gt 2 ] ; then
- echo "$PROG_NAME: Excess arguments!"
- echo
- usage
- echo "where valid instance names include:"
- list_instances
- if [ "${command}" != "status" ]; then
- # 2 excess arguments
+if [ $SYSTEMD ]; then
+ if [ $# -lt 2 ] ; then
+ # [insufficient arguments]
+ echo "$PROG_NAME: Insufficient arguments!"
+ echo
+ usage_systemd
+ echo "where valid instance names include:"
+ list_instances
+ exit 3
+ elif [ ${default_error} -eq 2 ] ; then
+ # 2 invalid argument
+ echo "$PROG_NAME: Invalid arguments!"
+ echo
+ usage_systemd
+ echo "where valid instance names include:"
+ list_instances
exit 2
- else
- # 4 program or service status is unknown
- exit 4
+ elif [ $# -gt 3 ] ; then
+ echo "$PROG_NAME: Excess arguments!"
+ echo
+ usage_systemd
+ echo "where valid instance names include:"
+ list_instances
+ if [ "${command}" != "status" ]; then
+ # 2 excess arguments
+ exit 2
+ else
+ # 4 program or service status is unknown
+ exit 4
+ fi
+ fi
+else
+ if [ $# -lt 1 ] ; then
+ # 3 unimplemented feature (for example, "reload")
+ # [insufficient arguments]
+ echo "$PROG_NAME: Insufficient arguments!"
+ echo
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ exit 3
+ elif [ ${default_error} -eq 2 ] ; then
+ # 2 invalid argument
+ echo "$PROG_NAME: Invalid arguments!"
+ echo
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ exit 2
+ elif [ $# -gt 2 ] ; then
+ echo "$PROG_NAME: Excess arguments!"
+ echo
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ if [ "${command}" != "status" ]; then
+ # 2 excess arguments
+ exit 2
+ else
+ # 4 program or service status is unknown
+ exit 4
+ fi
fi
fi
@@ -198,8 +249,11 @@ if [ -n "${pki_instance}" ]; then
done
if [ $valid -eq 0 ]; then
echo -n "${pki_instance} is an invalid '${PKI_TYPE}' instance"
- echo_failure
+ if [ ! $SYSTEMD ]; then
+ echo_failure
+ fi
echo
+
if [ "${command}" != "status" ]; then
# 5 program is not installed
exit 5
@@ -314,11 +368,7 @@ get_pki_status_definitions_ra()
done
- if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then
- return 0
- else
- return ${default_error}
- fi
+ return 0;
}
get_pki_status_definitions_tps()
@@ -377,11 +427,7 @@ get_pki_status_definitions_tps()
done
- if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then
- return 0
- else
- return ${default_error}
- fi
+ return 0;
}
get_pki_status_definitions_tomcat()
@@ -442,11 +488,7 @@ get_pki_status_definitions_tomcat()
fi
done
- if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then
- return 0
- else
- return ${default_error}
- fi
+ return 0;
}
get_pki_configuration_definitions()
@@ -661,10 +703,24 @@ display_configuration_information()
return $result
}
-display_instance_status()
+display_instance_status_systemd()
{
- rv=0
+ echo -n "Status for ${PKI_INSTANCE_ID}: "
+ systemctl status "$PKI_SYSTEMD_TARGET@$PKI_INSTANCE_ID.service" > /dev/null 2>&1
+ rv=$?
+
+ if [ $rv -eq 0 ] ; then
+ echo "$PKI_INSTANCE_ID is running .."
+ display_configuration_information
+ else
+ echo "$PKI_INSTANCE_ID is stopped"
+ fi
+
+ return $rv
+}
+display_instance_status()
+{
# Verify there is an initscript for this instance
if [ ! -f $PKI_INSTANCE_INITSCRIPT ]; then
# 4 program or service status is unknown
@@ -693,6 +749,12 @@ start_instance()
# Invoke the initscript for this instance
case $PKI_SUBSYSTEM_TYPE in
ca|kra|ocsp|tks)
+
+ # We must export the service name so that the systemd version
+ # of the tomcat6 init script knows which instance specific
+ # configuration file to source.
+ export SERVICE_NAME=$PKI_INSTANCE_ID
+
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
/usr/bin/runcon -t pki_${PKI_SUBSYSTEM_TYPE}_script_t \
$PKI_INSTANCE_INITSCRIPT start
@@ -790,6 +852,7 @@ stop_instance()
{
rv=0
+ export SERVICE_NAME=$PKI_INSTANCE_ID
# Invoke the initscript for this instance
$PKI_INSTANCE_INITSCRIPT stop
rv=$?
@@ -1000,8 +1063,20 @@ registry_status()
[ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
- display_instance_status
- rv=$?
+ case $PKI_SUBSYSTEM_TYPE in
+ ca|kra|ocsp|tks)
+ if [ $SYSTEMD ]; then
+ display_instance_status_systemd
+ else
+ display_instance_status
+ fi
+ rv=$?
+ ;;
+ tps|ra)
+ display_instance_status
+ rv=$?
+ ;;
+ esac
if [ $rv -ne 0 ] ; then
errors=`expr $errors + 1`
error_rv=$rv
diff --git a/pki/base/common/scripts/pki_apache_initscript b/pki/base/setup/scripts/pki_apache_initscript
index e51231065..e51231065 100755
--- a/pki/base/common/scripts/pki_apache_initscript
+++ b/pki/base/setup/scripts/pki_apache_initscript
diff --git a/pki/base/setup/scripts/pkicontrol b/pki/base/setup/scripts/pkicontrol
new file mode 100755
index 000000000..f9a279b07
--- /dev/null
+++ b/pki/base/setup/scripts/pkicontrol
@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007-2010 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+PROG_NAME=`basename $0`
+SERVICE_NAME="pkicontrol"
+SERVICE_PROG="/bin/systemctl"
+
+command="$1"
+pki_subsystem_type="$2"
+pki_instance="$3"
+
+PKI_PATH="/usr/share/pki/${pki_subsystem_type}"
+PKI_REGISTRY="/etc/sysconfig/pki/${pki_subsystem_type}"
+PKI_TYPE="pki-${pki_subsystem_type}"
+PKI_SYSTEMD_TARGET="pki-${pki_subsystem_type}d"
+SYSTEMD=1
+
+# Source the PKI function library
+. /usr/share/pki/scripts/functions
+
+# See how we were called.
+case $command in
+ status)
+ registry_status
+ exit $?
+ ;;
+ start)
+ start
+ exit $?
+ ;;
+ restart)
+ restart
+ exit $?
+ ;;
+ stop)
+ stop
+ exit $?
+ ;;
+ condrestart|force-restart|try-restart)
+ [ ! -f ${lockfile} ] || restart
+ exit $?
+ ;;
+ reload)
+ echo "The 'reload' action is an unimplemented feature."
+ exit ${default_error}
+ ;;
+ *)
+ echo "unknown action ($command)"
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ exit ${default_error}
+ ;;
+esac
+
diff --git a/pki/base/tks/CMakeLists.txt b/pki/base/tks/CMakeLists.txt
index 0f1221eaa..fd9246948 100644
--- a/pki/base/tks/CMakeLists.txt
+++ b/pki/base/tks/CMakeLists.txt
@@ -4,6 +4,19 @@ add_subdirectory(src)
add_subdirectory(setup)
add_subdirectory(shared/conf)
+# install systemd scripts
+install(
+ FILES
+ shared/lib/systemd/system/pki-tksd.target
+ shared/lib/systemd/system/pki-tksd@.service
+ DESTINATION
+ ${SYSTEMD_LIB_INSTALL_DIR}
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
# install init script
install(
FILES
@@ -28,6 +41,8 @@ install(
"etc/*" EXCLUDE
PATTERN
"CS.cfg.in" EXCLUDE
+ PATTERN
+ "lib/*" EXCLUDE
)
# install empty directories
@@ -42,3 +57,9 @@ install(
DESTINATION
${VAR_INSTALL_DIR}/run/pki/tks
)
+
+install(
+ DIRECTORY
+ DESTINATION
+ ${SYSTEMD_ETC_INSTALL_DIR}/pki-tksd.target.wants
+)
diff --git a/pki/base/tks/shared/conf/CS.cfg.in b/pki/base/tks/shared/conf/CS.cfg.in
index d98a25154..fbe2d24c0 100644
--- a/pki/base/tks/shared/conf/CS.cfg.in
+++ b/pki/base/tks/shared/conf/CS.cfg.in
@@ -12,6 +12,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
cs.type=TKS
diff --git a/pki/base/tks/shared/lib/systemd/system/pki-tksd.target b/pki/base/tks/shared/lib/systemd/system/pki-tksd.target
new file mode 100644
index 000000000..3e2b89edd
--- /dev/null
+++ b/pki/base/tks/shared/lib/systemd/system/pki-tksd.target
@@ -0,0 +1,8 @@
+[Unit]
+Description=PKI Token Key Service
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
+
+
diff --git a/pki/base/tks/shared/lib/systemd/system/pki-tksd@.service b/pki/base/tks/shared/lib/systemd/system/pki-tksd@.service
new file mode 100644
index 000000000..d624eece4
--- /dev/null
+++ b/pki/base/tks/shared/lib/systemd/system/pki-tksd@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=PKI Token Key Service %i
+After=pki-tksd.target
+BindTo=pki-tksd.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start tks %i
+ExecStop=/usr/bin/pkicontrol stop tks %i
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/pki/cmake/Modules/DefineInstallationPaths.cmake b/pki/cmake/Modules/DefineInstallationPaths.cmake
index bc8d9b21a..fa4a870b7 100644
--- a/pki/cmake/Modules/DefineInstallationPaths.cmake
+++ b/pki/cmake/Modules/DefineInstallationPaths.cmake
@@ -8,7 +8,6 @@ if (UNIX)
SET(LIB_SUFFIX
CACHE STRING "Define suffix of directory name (32/64)"
)
-
SET(EXEC_INSTALL_PREFIX
"${CMAKE_INSTALL_PREFIX}"
CACHE PATH "Base directory for executables and libraries"
@@ -105,6 +104,14 @@ if (UNIX)
${EXEC_INSTALL_PREFIX}/var
CACHE PATH "The /var install dir (default prefix/var)"
)
+ SET(SYSTEMD_LIB_INSTALL_DIR
+ "/lib/systemd/system"
+ CACHE PATH "Base directory for systemd target and service files"
+ )
+ SET(SYSTEMD_ETC_INSTALL_DIR
+ "/etc/systemd/system"
+ CACHE PATH "Base directory for systemd custom target and service files"
+ )
endif (UNIX)
if (WIN32)
diff --git a/pki/scripts/compose_pki_core_packages b/pki/scripts/compose_pki_core_packages
index 848a623da..86a2380d1 100755
--- a/pki/scripts/compose_pki_core_packages
+++ b/pki/scripts/compose_pki_core_packages
@@ -31,7 +31,7 @@ PKI_PWD=`pwd`
##
PKI_CORE="pki-core"
-PKI_CORE_VERSION="9.0.12"
+PKI_CORE_VERSION="9.0.13"
##
diff --git a/pki/scripts/compose_pki_kra_packages b/pki/scripts/compose_pki_kra_packages
index 94188c72d..06623f054 100755
--- a/pki/scripts/compose_pki_kra_packages
+++ b/pki/scripts/compose_pki_kra_packages
@@ -31,7 +31,7 @@ PKI_PWD=`pwd`
##
PKI_KRA="pki-kra"
-PKI_KRA_VERSION="9.0.5"
+PKI_KRA_VERSION="9.0.6"
##
diff --git a/pki/scripts/compose_pki_ocsp_packages b/pki/scripts/compose_pki_ocsp_packages
index d0bae0754..ee62a3eb3 100755
--- a/pki/scripts/compose_pki_ocsp_packages
+++ b/pki/scripts/compose_pki_ocsp_packages
@@ -31,7 +31,7 @@ PKI_PWD=`pwd`
##
PKI_OCSP="pki-ocsp"
-PKI_OCSP_VERSION="9.0.4"
+PKI_OCSP_VERSION="9.0.5"
##
diff --git a/pki/scripts/compose_pki_tks_packages b/pki/scripts/compose_pki_tks_packages
index 68ee4a93c..da02251f4 100755
--- a/pki/scripts/compose_pki_tks_packages
+++ b/pki/scripts/compose_pki_tks_packages
@@ -31,7 +31,7 @@ PKI_PWD=`pwd`
##
PKI_TKS="pki-tks"
-PKI_TKS_VERSION="9.0.4"
+PKI_TKS_VERSION="9.0.5"
##
diff --git a/pki/specs/pki-core.spec b/pki/specs/pki-core.spec
index 3547e8abd..eaf0ee232 100644
--- a/pki/specs/pki-core.spec
+++ b/pki/specs/pki-core.spec
@@ -1,5 +1,5 @@
Name: pki-core
-Version: 9.0.12
+Version: 9.0.13
Release: 1%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
@@ -32,6 +32,9 @@ BuildRequires: tomcatjss >= 2.0.0
BuildRequires: velocity
BuildRequires: xalan-j2
BuildRequires: xerces-j2
+%if 0%{?fedora} >= 16
+BuildRequires: systemd-units
+%endif
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
@@ -323,10 +326,17 @@ Requires: java >= 1:1.6.0
Requires: pki-ca-theme >= 9.0.0
Requires: pki-common = %{version}-%{release}
Requires: pki-selinux = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
+%endif
+
%if 0%{?fedora} >= 15
# Details:
#
@@ -420,6 +430,13 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile
echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
%endif
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-cad
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
+
%pre -n pki-selinux
%saveFileContext targeted
@@ -442,8 +459,8 @@ if [ $1 = 0 ]; then
%relabel targeted
fi
-
-%post -n pki-ca
+%if 0%{?fedora} < 16
+%post -n pki-ca
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add pki-cad || :
@@ -460,6 +477,24 @@ if [ "$1" -ge "1" ] ; then
/sbin/service pki-cad condrestart >/dev/null 2>&1 || :
fi
+%else
+%post -n pki-ca
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+%preun -n pki-ca
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-cad.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-cad.target > /dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-ca
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || :
+fi
+%endif
+
%files -n pki-setup
%defattr(-,root,root,-)
@@ -469,8 +504,13 @@ fi
%dir %{_datadir}/pki
%dir %{_datadir}/pki/scripts
%{_datadir}/pki/scripts/pkicommon.pm
+%{_datadir}/pki/scripts/functions
+%{_datadir}/pki/scripts/pki_apache_initscript
%dir %{_localstatedir}/lock/pki
%dir %{_localstatedir}/run/pki
+%if 0%{?fedora} >= 16
+%{_bindir}/pkicontrol
+%endif
%files -n pki-symkey
@@ -479,7 +519,6 @@ fi
%{_jnidir}/symkey.jar
%{_libdir}/symkey/
-
%files -n pki-native-tools
%defattr(-,root,root,-)
%doc base/native-tools/LICENSE base/native-tools/doc/README
@@ -549,8 +588,6 @@ fi
%{_javadir}/pki/pki-cmsbundle.jar
%{_javadir}/pki/pki-cmscore-%{version}.jar
%{_javadir}/pki/pki-cmscore.jar
-%{_datadir}/pki/scripts/functions
-%{_datadir}/pki/scripts/pki_apache_initscript
%{_datadir}/pki/setup/
%files -n pki-common-javadoc
@@ -567,7 +604,13 @@ fi
%files -n pki-ca
%defattr(-,root,root,-)
%doc base/ca/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{_unitdir}/pki-cad@.service
+%{_unitdir}/pki-cad.target
+%else
%{_initrddir}/pki-cad
+%endif
%{_javadir}/pki/pki-ca-%{version}.jar
%{_javadir}/pki/pki-ca.jar
%dir %{_datadir}/pki/ca
@@ -599,6 +642,14 @@ fi
%changelog
+* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.13-1
+- 'pki-setup'
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-ca'
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-common'
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
* Tue Aug 23 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.12-1
- 'pki-setup'
- Bugzilla Bug #712931 - CS requires too many ports
diff --git a/pki/specs/pki-kra.spec b/pki/specs/pki-kra.spec
index ea79c29f2..ef8c2c434 100644
--- a/pki/specs/pki-kra.spec
+++ b/pki/specs/pki-kra.spec
@@ -1,5 +1,5 @@
Name: pki-kra
-Version: 9.0.5
+Version: 9.0.6
Release: 1%{?dist}
Summary: Certificate System - Data Recovery Manager
URL: http://pki.fedoraproject.org/
@@ -18,15 +18,25 @@ BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: pki-common
BuildRequires: pki-util
+%if 0%{?fedora} >= 16
+BuildRequires: systemd-units
+%endif
Requires: java >= 1:1.6.0
Requires: pki-common
Requires: pki-kra-theme
Requires: pki-selinux
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
+%endif
+
%if 0%{?fedora} >= 15
# Details:
#
@@ -117,7 +127,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfil
echo "D /var/run/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
%endif
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-krad
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-krad.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
+%if 0%{?fedora} < 16
%post
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add pki-krad || :
@@ -134,12 +151,33 @@ fi
if [ "$1" -ge "1" ] ; then
/sbin/service pki-krad condrestart >/dev/null 2>&1 || :
fi
+%else
+%post
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+%preun
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-krad.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-krad.target > /dev/null 2>&1 || :
+fi
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-krad.target >/dev/null 2>&1 || :
+fi
+%endif
%files
%defattr(-,root,root,-)
%doc base/kra/LICENSE
-%{_initrddir}/pki-krad
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-krad.target.wants
+%{_unitdir}/pki-krad@.service
+%{_unitdir}/pki-krad.target
+%else
+%{_initrddir}/pki-cad
+%endif
%{_javadir}/pki/pki-kra-%{version}.jar
%{_javadir}/pki/pki-kra.jar
%dir %{_datadir}/pki/kra
@@ -159,6 +197,9 @@ fi
%changelog
+* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.6-1
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
* Tue Aug 23 2011 Ade Lee <alee@redhat.com> 9.0.5-1
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW
diff --git a/pki/specs/pki-ocsp.spec b/pki/specs/pki-ocsp.spec
index c72511dce..3467d042a 100644
--- a/pki/specs/pki-ocsp.spec
+++ b/pki/specs/pki-ocsp.spec
@@ -1,5 +1,5 @@
Name: pki-ocsp
-Version: 9.0.4
+Version: 9.0.5
Release: 1%{?dist}
Summary: Certificate System - Online Certificate Status Protocol Manager
URL: http://pki.fedoraproject.org/
@@ -18,15 +18,26 @@ BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: pki-common
BuildRequires: pki-util
+%if 0%{?fedora} >= 16
+BuildRequires: systemd-units
+%endif
Requires: java >= 1:1.6.0
Requires: pki-common
Requires: pki-ocsp-theme
Requires: pki-selinux
+
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
+%endif
+
%if 0%{?fedora} >= 15
# Details:
#
@@ -124,7 +135,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfi
echo "D /var/run/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
%endif
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-ocspd
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-ocspd.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
+%if 0%{?fedora} < 16
%post
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add pki-ocspd || :
@@ -142,11 +160,35 @@ if [ "$1" -ge "1" ] ; then
/sbin/service pki-ocspd condrestart >/dev/null 2>&1 || :
fi
+%else
+%post
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+%preun
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-ocspd.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-ocspd.target > /dev/null 2>&1 || :
+fi
+
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-ocspd.target >/dev/null 2>&1 || :
+fi
+%endif
+
%files
%defattr(-,root,root,-)
%doc base/ocsp/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-ocspd.target.wants
+%{_unitdir}/pki-ocspd@.service
+%{_unitdir}/pki-ocspd.target
+%else
%{_initrddir}/pki-ocspd
+%endif
%{_javadir}/pki/pki-ocsp-%{version}.jar
%{_javadir}/pki/pki-ocsp.jar
%dir %{_datadir}/pki/ocsp
@@ -166,6 +208,9 @@ fi
%changelog
+* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.5-1
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
* Tue Aug 23 2011 Ade Lee <alee@redhat.com> 9.0.4-1
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW
diff --git a/pki/specs/pki-tks.spec b/pki/specs/pki-tks.spec
index b5eb11cdd..3001b5c53 100644
--- a/pki/specs/pki-tks.spec
+++ b/pki/specs/pki-tks.spec
@@ -1,5 +1,5 @@
Name: pki-tks
-Version: 9.0.4
+Version: 9.0.5
Release: 1%{?dist}
Summary: Certificate System - Token Key Service
URL: http://pki.fedoraproject.org/
@@ -18,15 +18,25 @@ BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: pki-common
BuildRequires: pki-util
+%if 0%{?fedora} >= 16
+BuildRequires: systemd-units
+%endif
Requires: java >= 1:1.6.0
Requires: pki-common
Requires: pki-selinux
Requires: pki-tks-theme
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
+%endif
+
%if 0%{?fedora} >= 15
# Details:
#
@@ -118,29 +128,56 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfil
echo "D /var/run/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
%endif
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-tksd
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tksd.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
+%if 0%{?fedora} < 16
%post
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add pki-tksd || :
-
%preun
if [ $1 = 0 ] ; then
/sbin/service pki-tksd stop >/dev/null 2>&1
/sbin/chkconfig --del pki-tksd || :
fi
-
%postun
if [ "$1" -ge "1" ] ; then
/sbin/service pki-tksd condrestart >/dev/null 2>&1 || :
fi
+%else
+%post
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+%preun
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-tksd.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-tksd.target > /dev/null 2>&1 || :
+fi
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || :
+fi
+%endif
%files
%defattr(-,root,root,-)
%doc base/tks/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-tksd.target.wants
+%{_unitdir}/pki-tksd@.service
+%{_unitdir}/pki-tksd.target
+%else
%{_initrddir}/pki-tksd
+%endif
%{_javadir}/pki/pki-tks-%{version}.jar
%{_javadir}/pki/pki-tks.jar
%dir %{_datadir}/pki/tks
@@ -160,6 +197,9 @@ fi
%changelog
+* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.5-1
+- Bugzilla Bug #699809 - Convert CS to use systemd
+
* Tue Aug 23 2011 Ade Lee <alee@redhat.com> 9.0.4-1
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW