diff options
author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-09-09 20:42:46 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-09-09 20:42:46 +0000 |
commit | 78a301689d984401ad7098049ddb2f6e5504d957 (patch) | |
tree | a5d9b21416785e6558300001a3c8dafece76c8a3 /pki | |
parent | 4ee4f5ae0e627ab89499844f95f0bc4b8cd4cd2e (diff) | |
download | pki-78a301689d984401ad7098049ddb2f6e5504d957.tar.gz pki-78a301689d984401ad7098049ddb2f6e5504d957.tar.xz pki-78a301689d984401ad7098049ddb2f6e5504d957.zip |
Bugzilla BZ# 699809 - Convert certificate system to use systemd
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2196 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
36 files changed, 697 insertions, 106 deletions
diff --git a/pki/CMakeLists.txt b/pki/CMakeLists.txt index c6665862a..6a25b4023 100644 --- a/pki/CMakeLists.txt +++ b/pki/CMakeLists.txt @@ -23,20 +23,20 @@ elseif (BUILD_REDHAT_PKI_THEME) elseif (BUILD_PKI_CORE) set(APPLICATION_FLAVOR_PKI_CORE TRUE) # override APPLICATION VERSION - set(APPLICATION_VERSION_PATCH "12") + set(APPLICATION_VERSION_PATCH "13") elseif (BUILD_PKI_KRA) set(APPLICATION_FLAVOR_PKI_KRA TRUE) # override APPLICATION VERSION - set(APPLICATION_VERSION_PATCH "5") + set(APPLICATION_VERSION_PATCH "6") elseif (BUILD_PKI_OCSP) set(APPLICATION_FLAVOR_PKI_OCSP TRUE) - set(APPLICATION_VERSION_PATCH "4") + set(APPLICATION_VERSION_PATCH "5") elseif (BUILD_PKI_RA) set(APPLICATION_FLAVOR_PKI_RA TRUE) set(APPLICATION_VERSION_PATCH "3") elseif (BUILD_PKI_TKS) set(APPLICATION_FLAVOR_PKI_TKS TRUE) - set(APPLICATION_VERSION_PATCH "4") + set(APPLICATION_VERSION_PATCH "5") elseif (BUILD_PKI_TPS) set(APPLICATION_FLAVOR_PKI_TPS TRUE) # override APPLICATION VERSION diff --git a/pki/base/ca/CMakeLists.txt b/pki/base/ca/CMakeLists.txt index 9ad04dadc..153208c2d 100644 --- a/pki/base/ca/CMakeLists.txt +++ b/pki/base/ca/CMakeLists.txt @@ -4,18 +4,30 @@ add_subdirectory(src) add_subdirectory(setup) add_subdirectory(shared/conf) -# install init script +# install systemd scripts install( FILES - shared/etc/init.d/pki-cad + shared/lib/systemd/system/pki-cad.target + shared/lib/systemd/system/pki-cad@.service DESTINATION - ${SYSCONF_INSTALL_DIR}/rc.d/init.d + ${SYSTEMD_LIB_INSTALL_DIR} PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_EXECUTE GROUP_READ WORLD_EXECUTE WORLD_READ ) +# install init script +install( + FILES + shared/etc/init.d/pki-cad + DESTINATION + ${SYSCONF_INSTALL_DIR}/rc.d/init.d + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ +) + # install directories install( DIRECTORY @@ -28,6 +40,8 @@ install( "etc/*" EXCLUDE PATTERN "conf/CS.cfg.in" EXCLUDE + PATTERN + "lib/*" EXCLUDE ) # install empty directories @@ -42,3 +56,9 @@ install( DESTINATION ${VAR_INSTALL_DIR}/run/pki/ca ) + +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-cad.target.wants +) diff --git a/pki/base/ca/shared/conf/CS.cfg.in b/pki/base/ca/shared/conf/CS.cfg.in index e3447bbc8..f08fc2ce2 100644 --- a/pki/base/ca/shared/conf/CS.cfg.in +++ b/pki/base/ca/shared/conf/CS.cfg.in @@ -13,6 +13,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.arg11.group=[PKI_GROUP] +pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] preop.wizard.name=CA Setup Wizard diff --git a/pki/base/ca/shared/lib/systemd/system/pki-cad.target b/pki/base/ca/shared/lib/systemd/system/pki-cad.target new file mode 100644 index 000000000..dab661403 --- /dev/null +++ b/pki/base/ca/shared/lib/systemd/system/pki-cad.target @@ -0,0 +1,8 @@ +[Unit] +Description=PKI Certificate Authority Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target + + diff --git a/pki/base/ca/shared/lib/systemd/system/pki-cad@.service b/pki/base/ca/shared/lib/systemd/system/pki-cad@.service new file mode 100644 index 000000000..e205d72fb --- /dev/null +++ b/pki/base/ca/shared/lib/systemd/system/pki-cad@.service @@ -0,0 +1,13 @@ +[Unit] +Description=PKI Certificate Authority Server %i +After=pki-cad.target +BindTo=pki-cad.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start ca %i +ExecStop=/usr/bin/pkicontrol stop ca %i + +[Install] +WantedBy=multi-user.target + diff --git a/pki/base/common/CMakeLists.txt b/pki/base/common/CMakeLists.txt index d8fb5d2c1..5a35f6fbc 100644 --- a/pki/base/common/CMakeLists.txt +++ b/pki/base/common/CMakeLists.txt @@ -2,18 +2,6 @@ project(common Java) install( FILES - scripts/functions - scripts/pki_apache_initscript - DESTINATION - ${DATA_INSTALL_DIR}/scripts/ - PERMISSIONS - OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ -) - -install( - FILES setup/CertServer.directory setup/menu.xml DESTINATION diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index f21a56de9..fa5840dcd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -180,11 +180,13 @@ public class DonePanel extends WizardPanelBase { String type = ""; String instanceId = ""; String instanceRoot = ""; + String systemdService = ""; try { type = cs.getString("cs.type", ""); instanceId = cs.getString("instanceId"); instanceRoot = cs.getString("instanceRoot"); select = cs.getString("preop.subsystem.select", ""); + systemdService = cs.getString("pkicreate.systemd.servicename", ""); } catch (Exception e) {} String initDaemon = ""; @@ -199,8 +201,13 @@ public class DonePanel extends WizardPanelBase { } String os = System.getProperty( "os.name" ); if( os.equalsIgnoreCase( "Linux" ) ) { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + if (! systemdService.equals("")) { + context.put( "initCommand", "/bin/systemctl"); + context.put( "instanceId", systemdService ); + } else { + context.put( "initCommand", "/sbin/service " + initDaemon ); + context.put( "instanceId", instanceId ); + } } else { /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ context.put( "initCommand", "/etc/init.d/" + initDaemon ); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java index 6abdd8618..160cc74c3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java @@ -99,11 +99,13 @@ public class SecurityDomainPanel extends WizardPanelBase { String default_admin_url = ""; String name = ""; String cstype = ""; + String systemdService = ""; try { default_admin_url = config.getString("preop.securitydomain.admin_url", ""); name = config.getString("preop.securitydomain.name", ""); cstype = config.getString("cs.type", ""); + systemdService = config.getString("pkicreate.systemd.servicename", ""); } catch (Exception e) { CMS.debug(e.toString()); } @@ -214,8 +216,13 @@ public class SecurityDomainPanel extends WizardPanelBase { String instanceId = "<security_domain_instance_name>"; String os = System.getProperty( "os.name" ); if( os.equalsIgnoreCase( "Linux" ) ) { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + if (! systemdService.equals("")) { + context.put( "initCommand", "/usr/bin/pkicontrol" ); + context.put( "instanceId", "ca " + systemdService ); + } else { + context.put( "initCommand", "/sbin/service " + initDaemon ); + context.put( "instanceId", instanceId ); + } } else { /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ context.put( "initCommand", "/etc/init.d/" + initDaemon ); diff --git a/pki/base/kra/CMakeLists.txt b/pki/base/kra/CMakeLists.txt index dc2564c92..0e15b2d52 100644 --- a/pki/base/kra/CMakeLists.txt +++ b/pki/base/kra/CMakeLists.txt @@ -4,6 +4,19 @@ add_subdirectory(src) add_subdirectory(setup) add_subdirectory(shared/conf) +# install systemd scripts +install( + FILES + shared/lib/systemd/system/pki-krad.target + shared/lib/systemd/system/pki-krad@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -28,6 +41,8 @@ install( "etc/*" EXCLUDE PATTERN "conf/CS.cfg.in" EXCLUDE + PATTERN + "lib/*" EXCLUDE ) # install empty directories @@ -42,3 +57,10 @@ install( DESTINATION ${VAR_INSTALL_DIR}/run/pki/kra ) + +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-krad.target.wants +) + diff --git a/pki/base/kra/shared/conf/CS.cfg.in b/pki/base/kra/shared/conf/CS.cfg.in index 4bf1c738e..fb682d756 100644 --- a/pki/base/kra/shared/conf/CS.cfg.in +++ b/pki/base/kra/shared/conf/CS.cfg.in @@ -12,6 +12,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] +pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] preop.wizard.name=DRM Setup Wizard diff --git a/pki/base/kra/shared/lib/systemd/system/pki-krad.target b/pki/base/kra/shared/lib/systemd/system/pki-krad.target new file mode 100644 index 000000000..b7027fc72 --- /dev/null +++ b/pki/base/kra/shared/lib/systemd/system/pki-krad.target @@ -0,0 +1,8 @@ +[Unit] +Description=PKI Key Recovery Authority Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target + + diff --git a/pki/base/kra/shared/lib/systemd/system/pki-krad@.service b/pki/base/kra/shared/lib/systemd/system/pki-krad@.service new file mode 100644 index 000000000..3c4f177a9 --- /dev/null +++ b/pki/base/kra/shared/lib/systemd/system/pki-krad@.service @@ -0,0 +1,13 @@ +[Unit] +Description=PKI Key Recovery Authority Server %i +After=pki-krad.target +BindTo=pki-krad.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start kra %i +ExecStop=/usr/bin/pkicontrol stop kra %i + +[Install] +WantedBy=multi-user.target + diff --git a/pki/base/ocsp/CMakeLists.txt b/pki/base/ocsp/CMakeLists.txt index 1a7809074..c8e22ea1e 100644 --- a/pki/base/ocsp/CMakeLists.txt +++ b/pki/base/ocsp/CMakeLists.txt @@ -4,6 +4,19 @@ add_subdirectory(src) add_subdirectory(setup) add_subdirectory(shared/conf) +# install systemd scripts +install( + FILES + shared/lib/systemd/system/pki-ocspd.target + shared/lib/systemd/system/pki-ocspd@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -28,6 +41,8 @@ install( "etc/*" EXCLUDE PATTERN "CS.cfg.in" EXCLUDE + PATTERN + "lib/*" EXCLUDE ) # install empty directories @@ -42,3 +57,9 @@ install( DESTINATION ${VAR_INSTALL_DIR}/run/pki/ocsp ) + +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-ocspd.target.wants +) diff --git a/pki/base/ocsp/shared/conf/CS.cfg.in b/pki/base/ocsp/shared/conf/CS.cfg.in index 4cd234c84..6d46b7905 100644 --- a/pki/base/ocsp/shared/conf/CS.cfg.in +++ b/pki/base/ocsp/shared/conf/CS.cfg.in @@ -12,6 +12,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] +pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] cs.type=OCSP diff --git a/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target b/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target new file mode 100644 index 000000000..5db6bf4df --- /dev/null +++ b/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd.target @@ -0,0 +1,8 @@ +[Unit] +Description=PKI Online Certificate Status Protocol Server +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target + + diff --git a/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd@.service b/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd@.service new file mode 100644 index 000000000..7b4e7855b --- /dev/null +++ b/pki/base/ocsp/shared/lib/systemd/system/pki-ocspd@.service @@ -0,0 +1,13 @@ +[Unit] +Description=PKI Online Certificate Status Protocol Server %i +After=pki-ocspd.target +BindTo=pki-ocspd.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start ocsp %i +ExecStop=/usr/bin/pkicontrol stop ocsp %i + +[Install] +WantedBy=multi-user.target + diff --git a/pki/base/setup/CMakeLists.txt b/pki/base/setup/CMakeLists.txt index 6bd791d90..c12758fe4 100644 --- a/pki/base/setup/CMakeLists.txt +++ b/pki/base/setup/CMakeLists.txt @@ -4,6 +4,7 @@ install( FILES pkicreate pkiremove + scripts/pkicontrol DESTINATION ${BIN_INSTALL_DIR} PERMISSIONS @@ -15,6 +16,8 @@ install( install( FILES pkicommon.pm + scripts/functions + scripts/pki_apache_initscript DESTINATION ${DATA_INSTALL_DIR}/scripts/ PERMISSIONS diff --git a/pki/base/setup/pkicommon.pm b/pki/base/setup/pkicommon.pm index 0d7be6080..51db599f4 100755 --- a/pki/base/setup/pkicommon.pm +++ b/pki/base/setup/pkicommon.pm @@ -49,7 +49,7 @@ our @EXPORT = qw( parse_install_info parse_old_cleanup read_old_cleanup read_install_info read_install_info_from_dir write_install_info_to_dir uninstall is_Windows is_Linux is_Fedora is_RHEL is_RHEL4 setup_platform_dependent_parameters - set_library_path get_library_path + set_library_path get_library_path fedora_release check_for_root_UID user_disallows_shell user_exists create_user group_exists create_group user_is_a_member_of_group add_user_as_a_member_of_group @@ -802,6 +802,21 @@ sub is_RHEL4 { return 0; } +# no args +# return release_number +# return 0 if not found +sub fedora_release { + my $releasefd = new FileHandle; + if ($releasefd->open("< /etc/fedora-release")) { + while (defined(my $line = <$releasefd>)) { + if ($line =~ /Fedora release (\d*)/) { + return $1; + } + } + } + return 0; +} + # no args # no return value @@ -2118,7 +2133,7 @@ sub is_path_valid foreach $split_path (@pathname) { chomp($split_path); - if (!($split_path !~ /^[-_.a-zA-Z0-9\[\]]+$/)) { + if (!($split_path !~ /^[-_.a-zA-Z0-9\[\]\@]+$/)) { $valid = 1; } else { $valid = 0; diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate index ea3bc2ef3..4524c9f96 100755 --- a/pki/base/setup/pkicreate +++ b/pki/base/setup/pkicreate @@ -332,6 +332,7 @@ my $PKI_AJP_REDIRECT_PORT_SLOT = "PKI_AJP_REDIRECT_PORT" my $PKI_AJP_PORT_SLOT = "PKI_AJP_PORT"; my $PROXY_SECURE_PORT_SLOT = "PKI_PROXY_SECURE_PORT"; my $PROXY_UNSECURE_PORT_SLOT = "PKI_PROXY_UNSECURE_PORT"; +my $PKI_SYSTEMD_SERVICENAME_SLOT = "PKI_SYSTEMD_SERVICENAME"; my $PKI_UNSECURE_PORT_NAME = "Unsecure"; my $PKI_AGENT_SECURE_PORT_NAME = "Agent"; my $PKI_ADMIN_SECURE_PORT_NAME = "Admin"; @@ -577,6 +578,12 @@ my $root_user = undef; my $root_group = undef; my $pki_instance_initscript_path = undef; +#systemd specific variables +my $use_systemd = 0; +my $pki_subsystem_systemd_wants_path = undef; +my $pki_subsystem_systemd_service_path = undef; +my $pki_instance_systemd_service_name = undef; + ############################################################## # Platform-Dependent Data Initialization @@ -587,8 +594,16 @@ if ($^O eq "linux") { $setup_config_area = "/usr/share/applications"; $setup_config_name = "config.desktop"; + if (is_Fedora() && (fedora_release() >= 16)) { + $use_systemd = 1; + } + # Linux init scripts - $tomcat6_initscript_path = "${default_initscripts_path}/tomcat6"; + if ($use_systemd) { + $tomcat6_initscript_path = "/usr/sbin/tomcat6-sysd"; + } else { + $tomcat6_initscript_path = "${default_initscripts_path}/tomcat6"; + } # Tomcat instance config directory $tomcat6_instance_config_path = "/etc/sysconfig"; @@ -1432,6 +1447,13 @@ sub initialize_subsystem_paths $pki_registry_subsystem_file_path = $setup_subsystem_path . "/" . $registry_template_base_name; + $pki_registry_initscript = get_registry_initscript_name($subsystem_type); + + ## systemd subsystem variables + $pki_subsystem_systemd_wants_path = + "/etc/systemd/system/${pki_registry_initscript}.target.wants"; + $pki_subsystem_systemd_service_path = + "/lib/systemd/system/${pki_registry_initscript}\@.service"; ## Initialize subsystem directory paths (CA subsystems) if ($subsystem_type eq $CA) { @@ -1512,6 +1534,10 @@ sub initialize_instance_paths . "/" . $pki_instance_name . ".pid"; + ## systemd instance service name + $pki_instance_systemd_service_name = + "${pki_registry_initscript}\@${pki_instance_name}.service"; + ## Initialize instance directory paths (RA, TPS instances) if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { if ($subsystem_type eq $TPS) { @@ -1597,8 +1623,6 @@ sub initialize_subdirectory_paths $setup_config_subsystem_file_path = $setup_subsystem_path . "/" . $setup_config_name; - $pki_registry_initscript = get_registry_initscript_name($subsystem_type); - ## Initialize subdirectory paths (CA subsystems) if ($subsystem_type eq $CA) { $profile_select_template_subsystem_file_path = $ui_subsystem_path @@ -2401,6 +2425,12 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so $slot_hash{$PKI_SERVER_XML_CONF} = $server_xml_instance_file_path; $slot_hash{$PKI_UNSECURE_PORT_SLOT} = $unsecure_port; + if ($use_systemd) { + $slot_hash{$PKI_SYSTEMD_SERVICENAME_SLOT} = $pki_instance_systemd_service_name; + } else { + $slot_hash{$PKI_SYSTEMD_SERVICENAME_SLOT} = ""; + } + # Define "Port Separation" (default) versus "Shared Ports" (legacy) if ($use_port_separation) { # Establish "Port Separation" Connector Names @@ -2803,6 +2833,16 @@ sub process_pki_files_and_symlinks # to find our tomcat6 configuration file in /etc/sysconfig return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path, $root_user, $root_group); + if ($use_systemd) { + return 0 if !create_symlink( + "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", + "$pki_subsystem_systemd_service_path", + $root_user, $root_group); + + # reload systemd configuration + run_command("/bin/systemctl --system daemon-reload"); + + } return 0 if !create_directory($webinf_lib_instance_path, $default_dir_permissions, $pki_user, $pki_group); @@ -3353,7 +3393,13 @@ ASK_AGAIN: printf(STDOUT "Installation information recorded in %s.\n", get_logfile_path()); - $pki_registry_initscript_command = "/sbin/service $pki_registry_initscript restart $pki_instance_name"; + if ($use_systemd) { + $pki_registry_initscript_command = + "/bin/systemctl restart $pki_instance_systemd_service_name"; + } else { + $pki_registry_initscript_command = + "/sbin/service $pki_registry_initscript restart $pki_instance_name"; + } $command = "${pki_registry_initscript_command}"; run_command($command); diff --git a/pki/base/setup/pkiremove b/pki/base/setup/pkiremove index 16023d5a7..dd9fbc7f9 100755 --- a/pki/base/setup/pkiremove +++ b/pki/base/setup/pkiremove @@ -120,11 +120,18 @@ my $pki_registry_initscript_command = undef; # PKI registry variables my $pki_registry_subsystem_path = undef; +#systemd specific variables +my $use_systemd = 0; +my $pki_instance_systemd_service_name = undef; + ############################################################## # Platform-Dependent Data Initialization ############################################################## if ($^O eq "linux") { + if (is_Fedora() && (fedora_release() >= 16)) { + $use_systemd = 1; + } } else { emit("Unsupported platform '$^O'!\n", "error"); exit 255; @@ -484,23 +491,22 @@ ASK_AGAIN: } } - # De-register this instance with "chkconfig" - if ($^O eq "linux") { - if (entity_exists("$default_initscripts_path/$pki_instance_name")) { - # De-register this instance with '/sbin/chkconfig' - print(STDOUT "Removing '$pki_instance_name' from chkconfig.\n"); - deregister_pki_instance_with_chkconfig($pki_instance_name); - } - } - $pki_registry_initscript = get_registry_initscript_name($subsystem_type); # Shutdown this instance if ($^O eq "linux") { - if (entity_exists("$default_initscripts_path/$pki_instance_name")) { - $pki_registry_initscript_command = "/sbin/service $pki_instance_name stop"; + if ($use_systemd) { + $pki_instance_systemd_service_name = + "${pki_registry_initscript}\@${pki_instance_name}.service"; + $pki_registry_initscript_command = + "/bin/systemctl stop $pki_instance_systemd_service_name"; } else { - $pki_registry_initscript_command = "/sbin/service $pki_registry_initscript stop $pki_instance_name"; + if (entity_exists("$default_initscripts_path/$pki_instance_name")) { + $pki_registry_initscript_command = "/sbin/service $pki_instance_name stop"; + } else { + $pki_registry_initscript_command = + "/sbin/service $pki_registry_initscript stop $pki_instance_name"; + } } } else { emit("Unsupported platform '$^O'!\n", "error"); @@ -508,11 +514,26 @@ ASK_AGAIN: } run_command($pki_registry_initscript_command); + if (!$use_systemd) { + # De-register this instance with "chkconfig" + if ($^O eq "linux") { + if (entity_exists("$default_initscripts_path/$pki_instance_name")) { + # De-register this instance with '/sbin/chkconfig' + print(STDOUT "Removing '$pki_instance_name' from chkconfig.\n"); + deregister_pki_instance_with_chkconfig($pki_instance_name); + } + } + } + print(STDOUT "\n"); # Remove all installed files and directories. $result = 0 if !uninstall($install_info); + if ($use_systemd) { + run_command("/bin/systemctl --system daemon-reload"); + } + print(STDOUT "\n"); return $result; diff --git a/pki/base/common/scripts/functions b/pki/base/setup/scripts/functions index 2b8b82bdf..516bf32e2 100644 --- a/pki/base/common/scripts/functions +++ b/pki/base/setup/scripts/functions @@ -143,6 +143,24 @@ usage() echo } +usage_systemd() +{ + echo -n "Usage: /usr/bin/pkicontrol " + echo -n "{start" + echo -n "|stop" + echo -n "|restart" + echo -n "|condrestart" + echo -n "|force-restart" + echo -n "|try-restart" + echo -n "|reload" + echo -n "|status} " + echo -n "subsytem-type " + echo -n "[instance-name]" + echo + echo +} + + list_instances() { echo @@ -154,35 +172,68 @@ list_instances() } # Check arguments -if [ $# -lt 1 ] ; then - # 3 unimplemented feature (for example, "reload") - # [insufficient arguments] - echo "$PROG_NAME: Insufficient arguments!" - echo - usage - echo "where valid instance names include:" - list_instances - exit 3 -elif [ ${default_error} -eq 2 ] ; then - # 2 invalid argument - echo "$PROG_NAME: Invalid arguments!" - echo - usage - echo "where valid instance names include:" - list_instances - exit 2 -elif [ $# -gt 2 ] ; then - echo "$PROG_NAME: Excess arguments!" - echo - usage - echo "where valid instance names include:" - list_instances - if [ "${command}" != "status" ]; then - # 2 excess arguments +if [ $SYSTEMD ]; then + if [ $# -lt 2 ] ; then + # [insufficient arguments] + echo "$PROG_NAME: Insufficient arguments!" + echo + usage_systemd + echo "where valid instance names include:" + list_instances + exit 3 + elif [ ${default_error} -eq 2 ] ; then + # 2 invalid argument + echo "$PROG_NAME: Invalid arguments!" + echo + usage_systemd + echo "where valid instance names include:" + list_instances exit 2 - else - # 4 program or service status is unknown - exit 4 + elif [ $# -gt 3 ] ; then + echo "$PROG_NAME: Excess arguments!" + echo + usage_systemd + echo "where valid instance names include:" + list_instances + if [ "${command}" != "status" ]; then + # 2 excess arguments + exit 2 + else + # 4 program or service status is unknown + exit 4 + fi + fi +else + if [ $# -lt 1 ] ; then + # 3 unimplemented feature (for example, "reload") + # [insufficient arguments] + echo "$PROG_NAME: Insufficient arguments!" + echo + usage + echo "where valid instance names include:" + list_instances + exit 3 + elif [ ${default_error} -eq 2 ] ; then + # 2 invalid argument + echo "$PROG_NAME: Invalid arguments!" + echo + usage + echo "where valid instance names include:" + list_instances + exit 2 + elif [ $# -gt 2 ] ; then + echo "$PROG_NAME: Excess arguments!" + echo + usage + echo "where valid instance names include:" + list_instances + if [ "${command}" != "status" ]; then + # 2 excess arguments + exit 2 + else + # 4 program or service status is unknown + exit 4 + fi fi fi @@ -198,8 +249,11 @@ if [ -n "${pki_instance}" ]; then done if [ $valid -eq 0 ]; then echo -n "${pki_instance} is an invalid '${PKI_TYPE}' instance" - echo_failure + if [ ! $SYSTEMD ]; then + echo_failure + fi echo + if [ "${command}" != "status" ]; then # 5 program is not installed exit 5 @@ -314,11 +368,7 @@ get_pki_status_definitions_ra() done - if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then - return 0 - else - return ${default_error} - fi + return 0; } get_pki_status_definitions_tps() @@ -377,11 +427,7 @@ get_pki_status_definitions_tps() done - if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then - return 0 - else - return ${default_error} - fi + return 0; } get_pki_status_definitions_tomcat() @@ -442,11 +488,7 @@ get_pki_status_definitions_tomcat() fi done - if [ ${total_ports} -eq $PKI_TOTAL_PORTS ] ; then - return 0 - else - return ${default_error} - fi + return 0; } get_pki_configuration_definitions() @@ -661,10 +703,24 @@ display_configuration_information() return $result } -display_instance_status() +display_instance_status_systemd() { - rv=0 + echo -n "Status for ${PKI_INSTANCE_ID}: " + systemctl status "$PKI_SYSTEMD_TARGET@$PKI_INSTANCE_ID.service" > /dev/null 2>&1 + rv=$? + + if [ $rv -eq 0 ] ; then + echo "$PKI_INSTANCE_ID is running .." + display_configuration_information + else + echo "$PKI_INSTANCE_ID is stopped" + fi + + return $rv +} +display_instance_status() +{ # Verify there is an initscript for this instance if [ ! -f $PKI_INSTANCE_INITSCRIPT ]; then # 4 program or service status is unknown @@ -693,6 +749,12 @@ start_instance() # Invoke the initscript for this instance case $PKI_SUBSYSTEM_TYPE in ca|kra|ocsp|tks) + + # We must export the service name so that the systemd version + # of the tomcat6 init script knows which instance specific + # configuration file to source. + export SERVICE_NAME=$PKI_INSTANCE_ID + if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then /usr/bin/runcon -t pki_${PKI_SUBSYSTEM_TYPE}_script_t \ $PKI_INSTANCE_INITSCRIPT start @@ -790,6 +852,7 @@ stop_instance() { rv=0 + export SERVICE_NAME=$PKI_INSTANCE_ID # Invoke the initscript for this instance $PKI_INSTANCE_INITSCRIPT stop rv=$? @@ -1000,8 +1063,20 @@ registry_status() [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo - display_instance_status - rv=$? + case $PKI_SUBSYSTEM_TYPE in + ca|kra|ocsp|tks) + if [ $SYSTEMD ]; then + display_instance_status_systemd + else + display_instance_status + fi + rv=$? + ;; + tps|ra) + display_instance_status + rv=$? + ;; + esac if [ $rv -ne 0 ] ; then errors=`expr $errors + 1` error_rv=$rv diff --git a/pki/base/common/scripts/pki_apache_initscript b/pki/base/setup/scripts/pki_apache_initscript index e51231065..e51231065 100755 --- a/pki/base/common/scripts/pki_apache_initscript +++ b/pki/base/setup/scripts/pki_apache_initscript diff --git a/pki/base/setup/scripts/pkicontrol b/pki/base/setup/scripts/pkicontrol new file mode 100755 index 000000000..f9a279b07 --- /dev/null +++ b/pki/base/setup/scripts/pkicontrol @@ -0,0 +1,73 @@ +#!/bin/bash +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007-2010 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +PROG_NAME=`basename $0` +SERVICE_NAME="pkicontrol" +SERVICE_PROG="/bin/systemctl" + +command="$1" +pki_subsystem_type="$2" +pki_instance="$3" + +PKI_PATH="/usr/share/pki/${pki_subsystem_type}" +PKI_REGISTRY="/etc/sysconfig/pki/${pki_subsystem_type}" +PKI_TYPE="pki-${pki_subsystem_type}" +PKI_SYSTEMD_TARGET="pki-${pki_subsystem_type}d" +SYSTEMD=1 + +# Source the PKI function library +. /usr/share/pki/scripts/functions + +# See how we were called. +case $command in + status) + registry_status + exit $? + ;; + start) + start + exit $? + ;; + restart) + restart + exit $? + ;; + stop) + stop + exit $? + ;; + condrestart|force-restart|try-restart) + [ ! -f ${lockfile} ] || restart + exit $? + ;; + reload) + echo "The 'reload' action is an unimplemented feature." + exit ${default_error} + ;; + *) + echo "unknown action ($command)" + usage + echo "where valid instance names include:" + list_instances + exit ${default_error} + ;; +esac + diff --git a/pki/base/tks/CMakeLists.txt b/pki/base/tks/CMakeLists.txt index 0f1221eaa..fd9246948 100644 --- a/pki/base/tks/CMakeLists.txt +++ b/pki/base/tks/CMakeLists.txt @@ -4,6 +4,19 @@ add_subdirectory(src) add_subdirectory(setup) add_subdirectory(shared/conf) +# install systemd scripts +install( + FILES + shared/lib/systemd/system/pki-tksd.target + shared/lib/systemd/system/pki-tksd@.service + DESTINATION + ${SYSTEMD_LIB_INSTALL_DIR} + PERMISSIONS + OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ +) + # install init script install( FILES @@ -28,6 +41,8 @@ install( "etc/*" EXCLUDE PATTERN "CS.cfg.in" EXCLUDE + PATTERN + "lib/*" EXCLUDE ) # install empty directories @@ -42,3 +57,9 @@ install( DESTINATION ${VAR_INSTALL_DIR}/run/pki/tks ) + +install( + DIRECTORY + DESTINATION + ${SYSTEMD_ETC_INSTALL_DIR}/pki-tksd.target.wants +) diff --git a/pki/base/tks/shared/conf/CS.cfg.in b/pki/base/tks/shared/conf/CS.cfg.in index d98a25154..fbe2d24c0 100644 --- a/pki/base/tks/shared/conf/CS.cfg.in +++ b/pki/base/tks/shared/conf/CS.cfg.in @@ -12,6 +12,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] +pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] cs.type=TKS diff --git a/pki/base/tks/shared/lib/systemd/system/pki-tksd.target b/pki/base/tks/shared/lib/systemd/system/pki-tksd.target new file mode 100644 index 000000000..3e2b89edd --- /dev/null +++ b/pki/base/tks/shared/lib/systemd/system/pki-tksd.target @@ -0,0 +1,8 @@ +[Unit] +Description=PKI Token Key Service +After=syslog.target network.target + +[Install] +WantedBy=multi-user.target + + diff --git a/pki/base/tks/shared/lib/systemd/system/pki-tksd@.service b/pki/base/tks/shared/lib/systemd/system/pki-tksd@.service new file mode 100644 index 000000000..d624eece4 --- /dev/null +++ b/pki/base/tks/shared/lib/systemd/system/pki-tksd@.service @@ -0,0 +1,13 @@ +[Unit] +Description=PKI Token Key Service %i +After=pki-tksd.target +BindTo=pki-tksd.target + +[Service] +Type=forking +ExecStart=/usr/bin/pkicontrol start tks %i +ExecStop=/usr/bin/pkicontrol stop tks %i + +[Install] +WantedBy=multi-user.target + diff --git a/pki/cmake/Modules/DefineInstallationPaths.cmake b/pki/cmake/Modules/DefineInstallationPaths.cmake index bc8d9b21a..fa4a870b7 100644 --- a/pki/cmake/Modules/DefineInstallationPaths.cmake +++ b/pki/cmake/Modules/DefineInstallationPaths.cmake @@ -8,7 +8,6 @@ if (UNIX) SET(LIB_SUFFIX CACHE STRING "Define suffix of directory name (32/64)" ) - SET(EXEC_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}" CACHE PATH "Base directory for executables and libraries" @@ -105,6 +104,14 @@ if (UNIX) ${EXEC_INSTALL_PREFIX}/var CACHE PATH "The /var install dir (default prefix/var)" ) + SET(SYSTEMD_LIB_INSTALL_DIR + "/lib/systemd/system" + CACHE PATH "Base directory for systemd target and service files" + ) + SET(SYSTEMD_ETC_INSTALL_DIR + "/etc/systemd/system" + CACHE PATH "Base directory for systemd custom target and service files" + ) endif (UNIX) if (WIN32) diff --git a/pki/scripts/compose_pki_core_packages b/pki/scripts/compose_pki_core_packages index 848a623da..86a2380d1 100755 --- a/pki/scripts/compose_pki_core_packages +++ b/pki/scripts/compose_pki_core_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_CORE="pki-core" -PKI_CORE_VERSION="9.0.12" +PKI_CORE_VERSION="9.0.13" ## diff --git a/pki/scripts/compose_pki_kra_packages b/pki/scripts/compose_pki_kra_packages index 94188c72d..06623f054 100755 --- a/pki/scripts/compose_pki_kra_packages +++ b/pki/scripts/compose_pki_kra_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_KRA="pki-kra" -PKI_KRA_VERSION="9.0.5" +PKI_KRA_VERSION="9.0.6" ## diff --git a/pki/scripts/compose_pki_ocsp_packages b/pki/scripts/compose_pki_ocsp_packages index d0bae0754..ee62a3eb3 100755 --- a/pki/scripts/compose_pki_ocsp_packages +++ b/pki/scripts/compose_pki_ocsp_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_OCSP="pki-ocsp" -PKI_OCSP_VERSION="9.0.4" +PKI_OCSP_VERSION="9.0.5" ## diff --git a/pki/scripts/compose_pki_tks_packages b/pki/scripts/compose_pki_tks_packages index 68ee4a93c..da02251f4 100755 --- a/pki/scripts/compose_pki_tks_packages +++ b/pki/scripts/compose_pki_tks_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_TKS="pki-tks" -PKI_TKS_VERSION="9.0.4" +PKI_TKS_VERSION="9.0.5" ## diff --git a/pki/specs/pki-core.spec b/pki/specs/pki-core.spec index 3547e8abd..eaf0ee232 100644 --- a/pki/specs/pki-core.spec +++ b/pki/specs/pki-core.spec @@ -1,5 +1,5 @@ Name: pki-core -Version: 9.0.12 +Version: 9.0.13 Release: 1%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ @@ -32,6 +32,9 @@ BuildRequires: tomcatjss >= 2.0.0 BuildRequires: velocity BuildRequires: xalan-j2 BuildRequires: xerces-j2 +%if 0%{?fedora} >= 16 +BuildRequires: systemd-units +%endif Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -323,10 +326,17 @@ Requires: java >= 1:1.6.0 Requires: pki-ca-theme >= 9.0.0 Requires: pki-common = %{version}-%{release} Requires: pki-selinux = %{version}-%{release} +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts +%endif + %if 0%{?fedora} >= 15 # Details: # @@ -420,6 +430,13 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-cad +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-cad.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif + %pre -n pki-selinux %saveFileContext targeted @@ -442,8 +459,8 @@ if [ $1 = 0 ]; then %relabel targeted fi - -%post -n pki-ca +%if 0%{?fedora} < 16 +%post -n pki-ca # This adds the proper /etc/rc*.d links for the script /sbin/chkconfig --add pki-cad || : @@ -460,6 +477,24 @@ if [ "$1" -ge "1" ] ; then /sbin/service pki-cad condrestart >/dev/null 2>&1 || : fi +%else +%post -n pki-ca +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun -n pki-ca +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-cad.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-cad.target > /dev/null 2>&1 || : +fi + + +%postun -n pki-ca +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || : +fi +%endif + %files -n pki-setup %defattr(-,root,root,-) @@ -469,8 +504,13 @@ fi %dir %{_datadir}/pki %dir %{_datadir}/pki/scripts %{_datadir}/pki/scripts/pkicommon.pm +%{_datadir}/pki/scripts/functions +%{_datadir}/pki/scripts/pki_apache_initscript %dir %{_localstatedir}/lock/pki %dir %{_localstatedir}/run/pki +%if 0%{?fedora} >= 16 +%{_bindir}/pkicontrol +%endif %files -n pki-symkey @@ -479,7 +519,6 @@ fi %{_jnidir}/symkey.jar %{_libdir}/symkey/ - %files -n pki-native-tools %defattr(-,root,root,-) %doc base/native-tools/LICENSE base/native-tools/doc/README @@ -549,8 +588,6 @@ fi %{_javadir}/pki/pki-cmsbundle.jar %{_javadir}/pki/pki-cmscore-%{version}.jar %{_javadir}/pki/pki-cmscore.jar -%{_datadir}/pki/scripts/functions -%{_datadir}/pki/scripts/pki_apache_initscript %{_datadir}/pki/setup/ %files -n pki-common-javadoc @@ -567,7 +604,13 @@ fi %files -n pki-ca %defattr(-,root,root,-) %doc base/ca/LICENSE +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-cad.target.wants +%{_unitdir}/pki-cad@.service +%{_unitdir}/pki-cad.target +%else %{_initrddir}/pki-cad +%endif %{_javadir}/pki/pki-ca-%{version}.jar %{_javadir}/pki/pki-ca.jar %dir %{_datadir}/pki/ca @@ -599,6 +642,14 @@ fi %changelog +* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.13-1 +- 'pki-setup' +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) +- 'pki-ca' +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) +- 'pki-common' +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) + * Tue Aug 23 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.12-1 - 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports diff --git a/pki/specs/pki-kra.spec b/pki/specs/pki-kra.spec index ea79c29f2..ef8c2c434 100644 --- a/pki/specs/pki-kra.spec +++ b/pki/specs/pki-kra.spec @@ -1,5 +1,5 @@ Name: pki-kra -Version: 9.0.5 +Version: 9.0.6 Release: 1%{?dist} Summary: Certificate System - Data Recovery Manager URL: http://pki.fedoraproject.org/ @@ -18,15 +18,25 @@ BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: pki-common BuildRequires: pki-util +%if 0%{?fedora} >= 16 +BuildRequires: systemd-units +%endif Requires: java >= 1:1.6.0 Requires: pki-common Requires: pki-kra-theme Requires: pki-selinux +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts +%endif + %if 0%{?fedora} >= 15 # Details: # @@ -117,7 +127,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfil echo "D /var/run/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-krad +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-krad.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif +%if 0%{?fedora} < 16 %post # This adds the proper /etc/rc*.d links for the script /sbin/chkconfig --add pki-krad || : @@ -134,12 +151,33 @@ fi if [ "$1" -ge "1" ] ; then /sbin/service pki-krad condrestart >/dev/null 2>&1 || : fi +%else +%post +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-krad.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-krad.target > /dev/null 2>&1 || : +fi +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-krad.target >/dev/null 2>&1 || : +fi +%endif %files %defattr(-,root,root,-) %doc base/kra/LICENSE -%{_initrddir}/pki-krad +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-krad.target.wants +%{_unitdir}/pki-krad@.service +%{_unitdir}/pki-krad.target +%else +%{_initrddir}/pki-cad +%endif %{_javadir}/pki/pki-kra-%{version}.jar %{_javadir}/pki/pki-kra.jar %dir %{_datadir}/pki/kra @@ -159,6 +197,9 @@ fi %changelog +* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.6-1 +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) + * Tue Aug 23 2011 Ade Lee <alee@redhat.com> 9.0.5-1 - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW diff --git a/pki/specs/pki-ocsp.spec b/pki/specs/pki-ocsp.spec index c72511dce..3467d042a 100644 --- a/pki/specs/pki-ocsp.spec +++ b/pki/specs/pki-ocsp.spec @@ -1,5 +1,5 @@ Name: pki-ocsp -Version: 9.0.4 +Version: 9.0.5 Release: 1%{?dist} Summary: Certificate System - Online Certificate Status Protocol Manager URL: http://pki.fedoraproject.org/ @@ -18,15 +18,26 @@ BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: pki-common BuildRequires: pki-util +%if 0%{?fedora} >= 16 +BuildRequires: systemd-units +%endif Requires: java >= 1:1.6.0 Requires: pki-common Requires: pki-ocsp-theme Requires: pki-selinux + +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts +%endif + %if 0%{?fedora} >= 15 # Details: # @@ -124,7 +135,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfi echo "D /var/run/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-ocspd +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-ocspd.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif +%if 0%{?fedora} < 16 %post # This adds the proper /etc/rc*.d links for the script /sbin/chkconfig --add pki-ocspd || : @@ -142,11 +160,35 @@ if [ "$1" -ge "1" ] ; then /sbin/service pki-ocspd condrestart >/dev/null 2>&1 || : fi +%else +%post +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-ocspd.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-ocspd.target > /dev/null 2>&1 || : +fi + + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-ocspd.target >/dev/null 2>&1 || : +fi +%endif + %files %defattr(-,root,root,-) %doc base/ocsp/LICENSE +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-ocspd.target.wants +%{_unitdir}/pki-ocspd@.service +%{_unitdir}/pki-ocspd.target +%else %{_initrddir}/pki-ocspd +%endif %{_javadir}/pki/pki-ocsp-%{version}.jar %{_javadir}/pki/pki-ocsp.jar %dir %{_datadir}/pki/ocsp @@ -166,6 +208,9 @@ fi %changelog +* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.5-1 +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) + * Tue Aug 23 2011 Ade Lee <alee@redhat.com> 9.0.4-1 - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW diff --git a/pki/specs/pki-tks.spec b/pki/specs/pki-tks.spec index b5eb11cdd..3001b5c53 100644 --- a/pki/specs/pki-tks.spec +++ b/pki/specs/pki-tks.spec @@ -1,5 +1,5 @@ Name: pki-tks -Version: 9.0.4 +Version: 9.0.5 Release: 1%{?dist} Summary: Certificate System - Token Key Service URL: http://pki.fedoraproject.org/ @@ -18,15 +18,25 @@ BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: pki-common BuildRequires: pki-util +%if 0%{?fedora} >= 16 +BuildRequires: systemd-units +%endif Requires: java >= 1:1.6.0 Requires: pki-common Requires: pki-selinux Requires: pki-tks-theme +%if 0%{?fedora} >= 16 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +%else Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts +%endif + %if 0%{?fedora} >= 15 # Details: # @@ -118,29 +128,56 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfil echo "D /var/run/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf %endif +%if 0%{?fedora} >= 16 +%{__rm} %{buildroot}%{_initrddir}/pki-tksd +%else +%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tksd.target.wants +%{__rm} -rf %{buildroot}%{_unitdir} +%endif +%if 0%{?fedora} < 16 %post # This adds the proper /etc/rc*.d links for the script /sbin/chkconfig --add pki-tksd || : - %preun if [ $1 = 0 ] ; then /sbin/service pki-tksd stop >/dev/null 2>&1 /sbin/chkconfig --del pki-tksd || : fi - %postun if [ "$1" -ge "1" ] ; then /sbin/service pki-tksd condrestart >/dev/null 2>&1 || : fi +%else +%post +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%preun +if [ $1 = 0 ] ; then + /bin/systemctl --no-reload disable pki-tksd.target > /dev/null 2>&1 || : + /bin/systemctl stop pki-tksd.target > /dev/null 2>&1 || : +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ "$1" -ge "1" ] ; then + /bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || : +fi +%endif %files %defattr(-,root,root,-) %doc base/tks/LICENSE +%if 0%{?fedora} >= 16 +%dir %{_sysconfdir}/systemd/system/pki-tksd.target.wants +%{_unitdir}/pki-tksd@.service +%{_unitdir}/pki-tksd.target +%else %{_initrddir}/pki-tksd +%endif %{_javadir}/pki/pki-tks-%{version}.jar %{_javadir}/pki/pki-tks.jar %dir %{_datadir}/pki/tks @@ -160,6 +197,9 @@ fi %changelog +* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.5-1 +- Bugzilla Bug #699809 - Convert CS to use systemd + * Tue Aug 23 2011 Ade Lee <alee@redhat.com> 9.0.4-1 - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW |