summaryrefslogtreecommitdiffstats
path: root/base/server/upgrade
Commit message (Collapse)AuthorAgeFilesLines
* Fix flake8 / PEP 8 violationsChristian Heimes2016-01-251-0/+1
| | | | https://fedorahosted.org/pki/ticket/1738
* Allow encoded slashes in HTTP pathsFraser Tweedale2016-01-211-0/+37
| | | | | | | | | | | | | | Properly formed GET-based OCSP requests can contain URL-encoded slashes in the HTTP path[1] but our Tomcat configuration does not permit this (returns 400 Bad Request). Change catalina.properties to allow URL-encoded slashes in HTTP paths. [1] https://tools.ietf.org/html/rfc6960#appendix-A.1 Also add an upgrade script to update catalina.properties in existing instances. Fixes: https://fedorahosted.org/pki/ticket/1658
* Py3 compatibility: encode output of subprocess callChristian Heimes2015-08-172-2/+6
| | | | | | | | | In Python 3 subprocess.Popen() and check_out() return bytes. The rest of PKI expects text, so the output has to be decoded. - ascii for dnsdomainname - sys.getfilesystemencoding() for paths - utf-8 for the rest
* Py3 compatibility: write XML as encoded bytesChristian Heimes2015-08-176-16/+16
| | | | | Python 3 treats serialized XML as encoded bytes. etree must encode XML to UTF-8 and write it to a file opened in binary mode.
* Py3 modernization: misc manual fixesChristian Heimes2015-08-171-2/+3
| | | | | | | | | | | | | | | | | | | | | | Python 3's exception class has no message attribute. e.message can either be replaced with string representation of e or e.args[0]. Use print(line, end='') instead of sys.stdout.write(). With end='' no new line is appended. Use six.reraise() to reraise an exception. Remove sys.exc_clear() as it is no longer available in Python 3. Conditionally import shutil.WindowsError. Use six.move to import correct modules / function like quote, urlparse and configparser. Silence some pylint warnings. pylint doesn't understand six.moves magic and emits a import-error warning. Add additional tox envs to check for Python 3 compatibility.
* Py3 modernization: libmodernize.fixes.fix_importChristian Heimes2015-08-1725-0/+25
| | | | | | | | | | | | | | Enforce absolute imports or explicit relative imports. Python 3 no longer supports implicit relative imports, that is unqualified imports from a module's directory. In order to load a module from the same directory inside a package, use from . import module The future feature 'from __future__ import absolute_import' ensures that pki uses absolute imports on Python 2, too. See https://www.python.org/dev/peps/pep-0328/
* Make pki PEP 8 compatibleChristian Heimes2015-08-1417-90/+165
| | | | | | | | | | | | | | | | | | | Large portions of the patch was automatically created with autopep8: find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \ --aggressive find base/common/upgrade base/server/upgrade -type f -and \ -not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive autopep8 --in-place --ignore E309 --aggressive \ base/common/sbin/pki-upgrade \ base/server/sbin/pkispawn \ base/server/sbin/pkidestroy \ base/server/sbin/pki-server \ base/server/sbin/pki-server-upgrade About two dozent violations were fixed manually. https://fedorahosted.org/pki/ticket/708
* remove more inaccessible URLs from server.xmlMatthew Harmsen2015-08-071-0/+2
| | | | | | | - PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible - PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat shows an error page
* TPS add phone home URLs to pkidaemon status message.Jack Magne2015-07-161-0/+112
| | | | | | Ticket # 1466 . Also remove some needless copies of server.xml from the code.
* Renamed deprecated pylint 'disable-msg' to 'disable'.Matthew Harmsen2015-07-141-1/+1
|
* Disable 'W1401' anomalous-backslash-in-string pylint warning for regexMatthew Harmsen2015-07-131-0/+1
| | | | expressions used by system call to 'sed'.
* remove inaccessible URLs from server.xmlMatthew Harmsen2015-07-131-0/+40
| | | | | - PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible
* Run pylint on upgrade scriptsChristian Heimes2015-06-1623-36/+35
| | | | | | | pylint-build-scan.sh doesn't checked the upgrader's Python files yet. This patch adds the common and server upgrade scripts to pylint-build-scan.sh. It also fixes a couple of pylint violations, mostly missing calls to __init__().
* Add new KRA audit events to KRA's CS.cfgChristian Heimes2015-06-161-0/+72
| | | | | | | The patch implements an updater, that adds the new KRA signed audit events (#1160) to KRA's CS.cfg. https://fedorahosted.org/pki/ticket/1382
* Update: fix CS.cfg permissionsFraser Tweedale2015-06-161-0/+1
| | | | | The 10.2.3/02-FixBindPWPrompt upgrade scriptlet leaves CS.cfg owned by root. chown CS.cfg to the instance owner.
* Upgrade: add scriptlet to fix nuxwdog listener classFraser Tweedale2015-06-161-0/+36
|
* Upgrade: check file exists before chowningFraser Tweedale2015-06-161-1/+2
| | | | | | Dogtag entered a state where an upgrade script failed before it was trying to chown a file that didn't exist. Add a check that the file exists.
* Refactored upgrade scripts.Endi S. Dewata2015-05-119-186/+35
| | | | | | | The upgrade scripts have been modified to use the uid and gid provided by PKIInstance object. https://fedorahosted.org/pki/ticket/1341
* Ticket 1295 Upgrade script for - CA: OCSP via GET does not workChristina Fu2015-05-051-0/+79
|
* Remove duplicate prompt on nuxwdog startupAde Lee2015-04-231-0/+49
|
* Added upgrade script to fix instance work folder ownership.Endi S. Dewata2015-04-081-0/+57
| | | | | | | | The <instance>/work/Catalina/localhost/pki folder was owned by root in Dogtag 10.0.x but now should be owned by pkiuser. An upgrade script has been added to fix the ownership. https://fedorahosted.org/pki/ticket/802
* Updated Resteasy and Jackson dependenciesEndi S. Dewata2015-02-031-0/+60
| | | | | | | | | | In Fedora 22 the Resteasy package has been split into several subpackages. The pki-core.spec has been modified to depend on more specific Resteasy packages which depend only on Jackson 1.x. The classpaths and various scripts have been modified to remove unused references to Jackson 2.x. https://fedorahosted.org/pki/ticket/1254
* Added server management CLI.Endi S. Dewata2015-01-281-0/+56
| | | | | | | | | | | | | A new pki-server CLI has been added to manage the instances and subsystems using the server management library. This CLI manages the system files directly, so it can only be run locally on the server by the system administrator. The autoDeploy setting in server.xml has been enabled by default. An upgrade script has been added to enable the autoDeploy setting in existing instances. https://fedorahosted.org/pki/ticket/1183
* Moved web application deployment locations.Endi S. Dewata2015-01-281-0/+119
| | | | | | | | | | | | | Currently web applications are deployed into Host's appBase (i.e. <instance>/webapps). To allow better control of individual subsystem deployments, the web applications have to be moved out of the appBase so that the autoDeploy can work properly later. This patch moves the common web applications to <instance>/ common/webapps and subsystem web applications to <instance>/ <subsystem>/webapps. An upgrade script has been added to update existing deployments. https://fedorahosted.org/pki/ticket/1183
* Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default ↵Christina Fu2014-11-241-0/+102
| | | | and upgrade
* Updated version to 10.2.1-0.1.Endi S. Dewata2014-10-271-0/+4
| | | | https://fedorahosted.org/pki/ticket/1191
* Added idempotent 01-MoveWebApplicationContextFile migration scriptAde Lee2014-09-193-0/+108
| | | | Added to 10.1.1 to be consistent with 10.1 branch.
* Added missing upgrade folders.Endi S. Dewata2014-08-271-0/+4
| | | | | | The current upgrade framework requires that all supported versions to upgrade from to have corresponding upgrade folders even though they might be empty. New empty folders have been added for 10.1.1.
* Removed config path from web.xml.Endi S. Dewata2014-03-171-0/+80
| | | | | | | | | | | | | | | | | | | | | Previously the CMSStartServlet always requires a cfgPath parameter pointing to the CS.cfg location. By default the parameter points to <instance>/conf/<subsystem>/CS.cfg unless it's manually changed by the admin after installation. Recently the servlet has been modified such that if the parameter is not specified it will generate the default path automatically. So it is no longer necessary to keep the cfgPath parameter in the web.xml templates because it will point to the same location. This patch removes the cfgPath parameters from all web.xml templates. This way newly created subsystems will not have this parameter, which will help direct deployment in the future. An upgrade script has been added to remove the parameter from existing instances if it points to the default location. If the parameter points to a different location that means the subsystem has been customized so it will not be changed. Ticket #748, #499
* Reorganized REST service classes.Endi S. Dewata2014-02-281-0/+74
| | | | | | | | The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances. Ticket #114
* Upgraded RESTEasy client library.Endi S. Dewata2014-02-271-0/+76
| | | | | | | | | | The Dogtag client library has been modified to use RESTEasy 3.0 client library. A new upgrade script has been added to update existing servers. The JAXB annotation in ResourceMessage has been modified to require explicit property mapping. Ticket #554
* Added upgrade script to replace Jettison with Jackson.Endi S. Dewata2014-02-061-0/+136
| | | | | | | A new upgrade script has been added to replace Jettison links with Jackson links in Tomcat's common library. Ticket #817
* Moved web application context file.Endi S. Dewata2013-12-163-11/+101
| | | | | | | | | | | | | | The location of web application context file has been changed from <instance>/webapps/<name>/META-INF/context.xml into <instance>/conf/Catalina/localhost/<name>.xml. This will eventually allow deploying the web application directly from the shared folder. A new upgrade script has been added to move the context files in the existing instances. Ticket #499
* Add migration scripts to fix registry file and ownershipAde Lee2013-11-202-0/+121
| | | | | | | | | | | | Migration scripts have been added to update the registry file for tomcat instances to use PKI_INSTANCE_NAME instead of PKI_INSTANCE_ID. File ownershipof the registry file and log files is also fixed. Also removed unused lock file logic in operations startup script. This is for migration from 10.0 -> 10.1 Ticket 805
* Replaced auth.properties with acl.properties.Endi S. Dewata2013-11-202-8/+9
| | | | | | | | | | | | | | The ACL mapping files have been renamed from auth.properties to acl.properties to match the actual content and moved into the subsystem conf folder. The authentication method mapping files have been extracted from the interceptor into actual files. The ACLInterceptor and AuthMethodInterceptors have been modified to read the default mapping first, then overwrite it with custom mapping if it exists in the subsystem folder. The UpdateAuthzProperties upgrade script has been replaced with RemoveAuthProperties that will remove the old auth.properties.
* Moved EnableSessionInAuthenticator script to 10.0.5.Endi S. Dewata2013-10-112-0/+4
|
* Add upgrade file for auth.propertiesAde Lee2013-10-092-0/+45
| | | | Also moved 10.1 version upgrade scripts to 10.0.99.
* Upgrade script to fix JAVA_OPTSAde Lee2013-09-181-0/+39
|
* Storing authentication info in session.Endi S. Dewata2013-07-291-0/+69
| | | | | | | | | The authenticator configuration has been modified to store the authentication info in the session so it can be used by the servlets. An upgrade script has been added to update the configuration in existing instances. The SSLAuthenticatorWithFalback was modified to propagate the configuration to the actual authenticator handling the request.
* Moved script to remove JNI_JAR_DIR to 10.0.3 folder.Endi S. Dewata2013-07-101-0/+4
| | | | | | | | The redundant JNI_JAR_DIR will be removed from /etc/pki/pki.conf starting from version 10.0.4. Empty folders need be created for each released version number to allow proper upgrade and revert operations.
* Added support to backup folders during upgrade.Endi Sukma Dewata2013-07-081-37/+37
| | | | | | | The upgrade framework has been updated to support backup and restore operations for folders and their contents. Ticket #583
* Removing JNI_JAR_DIR from /etc/pki/pki.conf.Endi Sukma Dewata2013-05-151-0/+4
| | | | | | Recently the JNI_JAR_DIR was moved into /usr/share/pki/etc/pki.conf. A new upgrade script has been added to remove the unused JNI_JAR_DIR from /etc/pki/pki.conf.
* Added support for backup/restore on upgrade.Endi Sukma Dewata2013-05-153-4/+10
| | | | | | | | | | The upgrade framework has been modified to support backup and restore functionality. A new method backup(filename) has been added to save a file into a backup folder. The CLI's have been modified to accept a --revert parameter which will restore the backup files one version at a time. Ticket #583
* Refactored upgrade framework into base and server upgrade.Endi Sukma Dewata2013-04-253-6/+6
| | | | | | | | | | The upgrade framework has been split into base and server upgrade frameworks since they will be run automatically by different RPM packages during upgrade. The base upgrade framework will upgrade the system configuration. The server upgrade framework will upgrade the instances and subsystems. Ticket #544
* Added servlet to return 501 for rest operations for d9 instancesAde Lee2013-04-223-30/+159
| | | | | | | | | | D9 instances run on tomcat6, which does not have support for the autheticator and realm. We are not supporting the REST operations on D9 style instances. They will need to be migrated. The migration framework has been modified to process d9 or d10 style instances, and a migration script has been added to add the new servlet to existing d9 instances.
* Refactored pki.upgrade module.Endi Sukma Dewata2013-04-173-4/+11
| | | | | | | Some common constants and methods in pki.upgrade have been moved into the pki module. Ticket #544
* Added tokenAuthenticate to admin interfaceAde Lee2013-04-161-6/+63
| | | | | | | Modified code to use this interface by default. Added required migration script code. Ticket 546
* Migration script for cloning changes.Ade Lee2013-04-161-0/+138
| | | | Ticket 546
* Added upgrade script for random number generator.Endi Sukma Dewata2013-04-161-0/+152
An upgrade script has been added to update the context.xml to configure the random number generator. Ticket #545
generated by cgit (git 2.34.1) at 2024-06-07 13:02:50 +0000