| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enforce absolute imports or explicit relative imports. Python 3 no
longer supports implicit relative imports, that is unqualified imports
from a module's directory. In order to load a module from the same
directory inside a package, use
from . import module
The future feature 'from __future__ import absolute_import' ensures that
pki uses absolute imports on Python 2, too.
See https://www.python.org/dev/peps/pep-0328/
|
|
|
|
|
|
|
| |
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI
subsystems which are not accessible
- PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat
shows an error page
|
|
|
|
|
|
| |
Ticket # 1466 .
Also remove some needless copies of server.xml from the code.
|
| |
|
|
|
|
| |
expressions used by system call to 'sed'.
|
|
|
|
|
| |
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI
subsystems which are not accessible
|
|
|
|
|
|
|
| |
pylint-build-scan.sh doesn't checked the upgrader's Python files yet.
This patch adds the common and server upgrade scripts to
pylint-build-scan.sh. It also fixes a couple of pylint violations,
mostly missing calls to __init__().
|
|
|
|
|
|
|
| |
The patch implements an updater, that adds the new KRA signed audit
events (#1160) to KRA's CS.cfg.
https://fedorahosted.org/pki/ticket/1382
|
|
|
|
|
| |
The 10.2.3/02-FixBindPWPrompt upgrade scriptlet leaves CS.cfg owned
by root. chown CS.cfg to the instance owner.
|
| |
|
|
|
|
|
|
| |
Dogtag entered a state where an upgrade script failed before it was
trying to chown a file that didn't exist. Add a check that the file
exists.
|
|
|
|
|
|
|
| |
The upgrade scripts have been modified to use the uid and gid
provided by PKIInstance object.
https://fedorahosted.org/pki/ticket/1341
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
The <instance>/work/Catalina/localhost/pki folder was owned by
root in Dogtag 10.0.x but now should be owned by pkiuser. An
upgrade script has been added to fix the ownership.
https://fedorahosted.org/pki/ticket/802
|
|
|
|
|
|
|
|
|
|
| |
In Fedora 22 the Resteasy package has been split into several
subpackages. The pki-core.spec has been modified to depend on
more specific Resteasy packages which depend only on Jackson
1.x. The classpaths and various scripts have been modified to
remove unused references to Jackson 2.x.
https://fedorahosted.org/pki/ticket/1254
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new pki-server CLI has been added to manage the instances and
subsystems using the server management library. This CLI manages
the system files directly, so it can only be run locally on the
server by the system administrator.
The autoDeploy setting in server.xml has been enabled by default.
An upgrade script has been added to enable the autoDeploy setting
in existing instances.
https://fedorahosted.org/pki/ticket/1183
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently web applications are deployed into Host's appBase (i.e.
<instance>/webapps). To allow better control of individual
subsystem deployments, the web applications have to be moved out
of the appBase so that the autoDeploy can work properly later.
This patch moves the common web applications to <instance>/
common/webapps and subsystem web applications to <instance>/
<subsystem>/webapps. An upgrade script has been added to update
existing deployments.
https://fedorahosted.org/pki/ticket/1183
|
|
|
|
| |
and upgrade
|
|
|
|
| |
https://fedorahosted.org/pki/ticket/1191
|
|
|
|
| |
Added to 10.1.1 to be consistent with 10.1 branch.
|
|
|
|
|
|
| |
The current upgrade framework requires that all supported versions
to upgrade from to have corresponding upgrade folders even though
they might be empty. New empty folders have been added for 10.1.1.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the CMSStartServlet always requires a cfgPath parameter
pointing to the CS.cfg location. By default the parameter points to
<instance>/conf/<subsystem>/CS.cfg unless it's manually changed by
the admin after installation.
Recently the servlet has been modified such that if the parameter
is not specified it will generate the default path automatically.
So it is no longer necessary to keep the cfgPath parameter in the
web.xml templates because it will point to the same location.
This patch removes the cfgPath parameters from all web.xml templates.
This way newly created subsystems will not have this parameter, which
will help direct deployment in the future. An upgrade script has been
added to remove the parameter from existing instances if it points to
the default location. If the parameter points to a different location
that means the subsystem has been customized so it will not be changed.
Ticket #748, #499
|
|
|
|
|
|
|
|
| |
The REST service classes have been moved into org.dogtagpki.server
namespace. A new upgrade script has been added to update existing
instances.
Ticket #114
|
|
|
|
|
|
|
|
|
|
| |
The Dogtag client library has been modified to use RESTEasy 3.0 client
library. A new upgrade script has been added to update existing servers.
The JAXB annotation in ResourceMessage has been modified to require
explicit property mapping.
Ticket #554
|
|
|
|
|
|
|
| |
A new upgrade script has been added to replace Jettison links with
Jackson links in Tomcat's common library.
Ticket #817
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The location of web application context file has been changed from
<instance>/webapps/<name>/META-INF/context.xml
into
<instance>/conf/Catalina/localhost/<name>.xml.
This will eventually allow deploying the web application directly
from the shared folder.
A new upgrade script has been added to move the context files in
the existing instances.
Ticket #499
|
|
|
|
|
|
|
|
|
|
|
|
| |
Migration scripts have been added to update the registry file
for tomcat instances to use PKI_INSTANCE_NAME instead of PKI_INSTANCE_ID.
File ownershipof the registry file and log files is also fixed.
Also removed unused lock file logic in operations startup script.
This is for migration from 10.0 -> 10.1
Ticket 805
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ACL mapping files have been renamed from auth.properties to
acl.properties to match the actual content and moved into the
subsystem conf folder. The authentication method mapping files
have been extracted from the interceptor into actual files.
The ACLInterceptor and AuthMethodInterceptors have been modified to read
the default mapping first, then overwrite it with custom mapping if it
exists in the subsystem folder.
The UpdateAuthzProperties upgrade script has been replaced with
RemoveAuthProperties that will remove the old auth.properties.
|
| |
|
|
|
|
| |
Also moved 10.1 version upgrade scripts to 10.0.99.
|
| |
|
|
|
|
|
|
|
|
|
| |
The authenticator configuration has been modified to store the authentication
info in the session so it can be used by the servlets. An upgrade script has
been added to update the configuration in existing instances.
The SSLAuthenticatorWithFalback was modified to propagate the configuration
to the actual authenticator handling the request.
|
|
|
|
|
|
|
|
| |
The redundant JNI_JAR_DIR will be removed from /etc/pki/pki.conf starting
from version 10.0.4.
Empty folders need be created for each released version number to allow
proper upgrade and revert operations.
|
|
|
|
|
|
|
| |
The upgrade framework has been updated to support backup and restore
operations for folders and their contents.
Ticket #583
|
|
|
|
|
|
| |
Recently the JNI_JAR_DIR was moved into /usr/share/pki/etc/pki.conf.
A new upgrade script has been added to remove the unused JNI_JAR_DIR
from /etc/pki/pki.conf.
|
|
|
|
|
|
|
|
|
|
| |
The upgrade framework has been modified to support backup and restore
functionality. A new method backup(filename) has been added to save
a file into a backup folder. The CLI's have been modified to accept
a --revert parameter which will restore the backup files one version
at a time.
Ticket #583
|
|
|
|
|
|
|
|
|
|
| |
The upgrade framework has been split into base and server upgrade
frameworks since they will be run automatically by different RPM
packages during upgrade. The base upgrade framework will upgrade
the system configuration. The server upgrade framework will upgrade
the instances and subsystems.
Ticket #544
|
|
|
|
|
|
|
|
|
|
| |
D9 instances run on tomcat6, which does not have support for the
autheticator and realm. We are not supporting the REST operations
on D9 style instances. They will need to be migrated.
The migration framework has been modified to process d9 or d10
style instances, and a migration script has been added to add the new
servlet to existing d9 instances.
|
|
|
|
|
|
|
| |
Some common constants and methods in pki.upgrade have been moved
into the pki module.
Ticket #544
|
|
|
|
|
|
|
| |
Modified code to use this interface by default. Added required
migration script code.
Ticket 546
|
|
|
|
| |
Ticket 546
|
|
An upgrade script has been added to update the context.xml to
configure the random number generator.
Ticket #545
|