From 9996d71e1a4fb7a8ca6752b83e4f2393dbefa76b Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Thu, 6 Dec 2012 13:06:14 -0500 Subject: Parameterizing RESTEasy paths. The paths to RESTEasy jar files have been modified such that it can be configured globally at build time using the spec file to support different distributions, and at deployment time using a system-wide configuration in /etc/pki/pki.conf. Ticket #422, #423. --- base/ca/src/CMakeLists.txt | 3 +- base/common/shared/conf/pki.policy | 30 ++--------- base/common/shared/conf/tomcat.conf | 7 +++ base/common/src/CMakeLists.txt | 9 ++-- base/deploy/CMakeLists.txt | 13 +++++ base/deploy/etc/pki.conf | 2 + base/deploy/scripts/operations | 21 ++++---- base/deploy/src/scriptlets/configuration.py | 4 +- base/deploy/src/scriptlets/pkiconfig.py | 14 ----- base/deploy/src/scriptlets/pkihelper.py | 58 ++++++++++++++++----- base/deploy/src/scriptlets/pkijython.py | 81 ----------------------------- base/deploy/src/scriptlets/pkimessages.py | 3 +- base/deploy/src/scriptlets/pkiparser.py | 17 ++++-- base/java-tools/pki | 11 ++-- base/java-tools/src/CMakeLists.txt | 9 ++-- base/kra/src/CMakeLists.txt | 3 +- base/ocsp/src/CMakeLists.txt | 3 +- base/setup/scripts/functions | 6 ++- base/tks/src/CMakeLists.txt | 3 +- specs/pki-core.spec | 23 ++++---- 20 files changed, 132 insertions(+), 188 deletions(-) create mode 100644 base/deploy/etc/pki.conf diff --git a/base/ca/src/CMakeLists.txt b/base/ca/src/CMakeLists.txt index aa19cc42b..e5ef9e530 100644 --- a/base/ca/src/CMakeLists.txt +++ b/base/ca/src/CMakeLists.txt @@ -28,8 +28,7 @@ find_file(JAXRS_API_JAR NAMES jaxrs-api.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) # build pki-ca diff --git a/base/common/shared/conf/pki.policy b/base/common/shared/conf/pki.policy index b9d79fe58..4ae2de734 100644 --- a/base/common/shared/conf/pki.policy +++ b/base/common/shared/conf/pki.policy @@ -106,43 +106,23 @@ grant codeBase "file:/usr/share/java/log4j.jar" { permission java.security.AllPermission; }; -grant codeBase "file:/usr/share/java/resteasy/jaxrs-api.jar" { +grant codeBase "file:${RESTEASY_LIB}/jaxrs-api.jar" { permission java.security.AllPermission; }; -grant codeBase "file:/usr/share/java/resteasy/resteasy-atom-provider.jar" { +grant codeBase "file:${RESTEASY_LIB}/resteasy-atom-provider.jar" { permission java.security.AllPermission; }; -grant codeBase "file:/usr/share/java/resteasy/resteasy-jaxb-provider.jar" { +grant codeBase "file:${RESTEASY_LIB}/resteasy-jaxb-provider.jar" { permission java.security.AllPermission; }; -grant codeBase "file:/usr/share/java/resteasy/resteasy-jaxrs.jar" { +grant codeBase "file:${RESTEASY_LIB}/resteasy-jaxrs.jar" { permission java.security.AllPermission; }; -grant codeBase "file:/usr/share/java/resteasy/resteasy-jettison-provider.jar" { - permission java.security.AllPermission; -}; - -grant codeBase "file:/usr/share/java/resteasy-base/jaxrs-api.jar" { - permission java.security.AllPermission; -}; - -grant codeBase "file:/usr/share/java/resteasy-base/resteasy-atom-provider.jar" { - permission java.security.AllPermission; -}; - -grant codeBase "file:/usr/share/java/resteasy-base/resteasy-jaxb-provider.jar" { - permission java.security.AllPermission; -}; - -grant codeBase "file:/usr/share/java/resteasy-base/resteasy-jaxrs.jar" { - permission java.security.AllPermission; -}; - -grant codeBase "file:/usr/share/java/resteasy-base/resteasy-jettison-provider.jar" { +grant codeBase "file:${RESTEASY_LIB}/resteasy-jettison-provider.jar" { permission java.security.AllPermission; }; diff --git a/base/common/shared/conf/tomcat.conf b/base/common/shared/conf/tomcat.conf index 54d67e4b4..7b8f87cb5 100644 --- a/base/common/shared/conf/tomcat.conf +++ b/base/common/shared/conf/tomcat.conf @@ -14,6 +14,10 @@ # (see, for instance, /etc/sysconfig/tomcat) # +if [ -f /etc/pki/pki.conf ] ; then + . /etc/pki/pki.conf +fi + # Where your java installation lives #JAVA_HOME="/usr/lib/jvm/jre" @@ -32,6 +36,9 @@ CATALINA_TMPDIR=[PKI_TMPDIR] # Enable the following JAVA_OPTS to run a java debugger (e. g. - 'eclipse') #JAVA_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n -Djava.awt.headless=true -Xmx128M" +# RESTEasy +JAVA_OPTS="$JAVA_OPTS -DRESTEASY_LIB=${RESTEASY_LIB}" + # What user should run tomcat TOMCAT_USER="[PKI_USER]" diff --git a/base/common/src/CMakeLists.txt b/base/common/src/CMakeLists.txt index e21f13ce6..c010bedfe 100644 --- a/base/common/src/CMakeLists.txt +++ b/base/common/src/CMakeLists.txt @@ -87,24 +87,21 @@ find_file(JAXRS_API_JAR NAMES jaxrs-api.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) find_file(RESTEASY_JAXRS_JAR NAMES resteasy-jaxrs.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) find_file(RESTEASY_ATOM_PROVIDER_JAR NAMES resteasy-atom-provider.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) find_file(HTTPCLIENT_JAR diff --git a/base/deploy/CMakeLists.txt b/base/deploy/CMakeLists.txt index d63176f1a..3b1d9f583 100644 --- a/base/deploy/CMakeLists.txt +++ b/base/deploy/CMakeLists.txt @@ -67,6 +67,19 @@ install( etc/ DESTINATION ${SYSCONF_INSTALL_DIR}/pki + PATTERN "pki.conf" EXCLUDE +) + +configure_file( + ${CMAKE_CURRENT_SOURCE_DIR}/etc/pki.conf + ${CMAKE_CURRENT_BINARY_DIR}/etc/pki.conf +) + +install( + FILES + ${CMAKE_CURRENT_BINARY_DIR}/etc/pki.conf + DESTINATION + ${SYSCONF_INSTALL_DIR}/pki/ ) find_package(PythonInterp REQUIRED) diff --git a/base/deploy/etc/pki.conf b/base/deploy/etc/pki.conf new file mode 100644 index 000000000..3e5a5e154 --- /dev/null +++ b/base/deploy/etc/pki.conf @@ -0,0 +1,2 @@ +# RESTEasy library +RESTEASY_LIB=${RESTEASY_LIB} diff --git a/base/deploy/scripts/operations b/base/deploy/scripts/operations index 0a768fb1b..336f847e6 100644 --- a/base/deploy/scripts/operations +++ b/base/deploy/scripts/operations @@ -30,6 +30,10 @@ # 200-254 reserved # +if [ -f /etc/pki/pki.conf ] ; then + . /etc/pki/pki.conf +fi + # PKI subsystem-level directory and file values for locks lockfile="/var/lock/subsys/${SERVICE_NAME}" @@ -945,13 +949,6 @@ verify_symlinks() pki_systemd_service="pki-${PKI_WEB_SERVER_TYPE}d@.service" systemd_dir="/lib/systemd/system" - grep "Red Hat Enterprise Linux" /etc/redhat-release - if [ $? == 0 ]; then - resteasy_java_dir="/usr/share/java/resteasy-base" - else - resteasy_java_dir="/usr/share/java/resteasy" - fi - # Dogtag 10 Symbolic Link Variables pki_common_jar_dir="${PKI_INSTANCE_PATH}/common/lib" pki_registry_dir="/etc/sysconfig/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_ID}" @@ -1053,15 +1050,15 @@ verify_symlinks() [httpclient.jar]=${java_dir}/httpcomponents/httpclient.jar [httpcore.jar]=${java_dir}/httpcomponents/httpcore.jar [javassist.jar]=${java_dir}/javassist.jar - [jaxrs-api.jar]=${resteasy_java_dir}/jaxrs-api.jar + [jaxrs-api.jar]=${RESTEASY_LIB}/jaxrs-api.jar [jettison.jar]=${java_dir}/jettison.jar [jss4.jar]=${jni_dir}/jss4.jar [ldapjdk.jar]=${java_dir}/ldapjdk.jar [pki-tomcat.jar]=${java_dir}/pki/pki-tomcat.jar - [resteasy-atom-provider.jar]=${resteasy_java_dir}/resteasy-atom-provider.jar - [resteasy-jaxb-provider.jar]=${resteasy_java_dir}/resteasy-jaxb-provider.jar - [resteasy-jaxrs.jar]=${resteasy_java_dir}/resteasy-jaxrs.jar - [resteasy-jettison-provider.jar]=${resteasy_java_dir}/resteasy-jettison-provider.jar + [resteasy-atom-provider.jar]=${RESTEASY_LIB}/resteasy-atom-provider.jar + [resteasy-jaxb-provider.jar]=${RESTEASY_LIB}/resteasy-jaxb-provider.jar + [resteasy-jaxrs.jar]=${RESTEASY_LIB}/resteasy-jaxrs.jar + [resteasy-jettison-provider.jar]=${RESTEASY_LIB}/resteasy-jettison-provider.jar [scannotation.jar]=${java_dir}/scannotation.jar [tomcatjss.jar]=${java_dir}/tomcat7jss.jar [velocity.jar]=${java_dir}/velocity.jar diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index 16b63122f..d105590a2 100644 --- a/base/deploy/src/scriptlets/configuration.py +++ b/base/deploy/src/scriptlets/configuration.py @@ -92,7 +92,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.systemd.restart() # Pass control to the Java servlet via Jython 2.2 'configuration.jy' - util.jython.invoke(master['pki_jython_configuration_scriptlet']) + util.jython.invoke( + master['pki_jython_configuration_scriptlet'], + master['RESTEASY_LIB']) return self.rv def respawn(self): diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py index 4bbf92e91..7b20e474a 100644 --- a/base/deploy/src/scriptlets/pkiconfig.py +++ b/base/deploy/src/scriptlets/pkiconfig.py @@ -20,16 +20,6 @@ # import re -def is_rhel(): - try: - f = open("/etc/redhat-release") - for line in f: - if re.search("Red Hat Enterprise Linux", line): - return True - except IOError, e: - pass - return False - # PKI Deployment Constants PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755 PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770 @@ -71,10 +61,6 @@ PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java" PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents" PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki" -PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy" -if is_rhel(): - PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy-base" - PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki" PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system" PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system" diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index 5d89a1201..1eb7b51e6 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py @@ -2522,33 +2522,63 @@ class systemd: # PKI Deployment 'jython' Class class jython: - def invoke(self, scriptlet, critical_failure=True): + def invoke(self, scriptlet, resteasy_lib, critical_failure=True): try: + # JSS JNI Jars + # + # NOTE: Always load 64-bit JNI 'jss4.jar' + # PRIOR to 32-bit JNI 'jss4.jar' + # + classpath = "/usr/lib64/java/jss4.jar" +\ + ":/usr/lib/java/jss4.jar" +\ + ":/usr/share/java/httpcomponents/httpclient.jar" +\ + ":/usr/share/java/httpcomponents/httpcore.jar" +\ + ":/usr/share/java/apache-commons-cli.jar" +\ + ":/usr/share/java/apache-commons-codec.jar" +\ + ":/usr/share/java/apache-commons-logging.jar" +\ + ":/usr/share/java/istack-commons-runtime.jar" +\ + ":/usr/share/java/glassfish-jaxb/jaxb-impl.jar" +\ + ":/usr/share/java/scannotation.jar" + + # RESTEasy Jars + classpath = classpath +\ + ":" + resteasy_lib + "/jaxrs-api.jar" +\ + ":" + resteasy_lib + "/resteasy-atom-provider.jar" +\ + ":" + resteasy_lib + "/resteasy-jaxb-provider.jar" +\ + ":" + resteasy_lib + "/resteasy-jaxrs.jar" +\ + ":" + resteasy_lib + "/resteasy-jettison-provider.jar" + + # PKI Jars + classpath = classpath +\ + ":/usr/share/java/pki/pki-certsrv.jar" +\ + ":/usr/share/java/pki/pki-client.jar" +\ + ":/usr/share/java/pki/pki-cmsutil.jar" +\ + ":/usr/share/java/pki/pki-nsutil.jar" + + properties = "" + # From 'http://www.jython.org/archive/22/userfaq.html': # Setting this to false will allow Jython to provide access to # non-public fields, methods, and constructors of Java objects. - property = "-Dpython.security.respectJavaAccessibility=false" - # comment the next line out to use the "property" defined above - property = "" + # properties = properties + " -Dpython.security.respectJavaAccessibility=false" + # Compose this "jython" command data = pickle.dumps(master) - ld_library_path = "LD_LIBRARY_PATH" if master['pki_architecture'] == 64: - ld_library_path = ld_library_path + "=" +\ - "/usr/lib64/jss:/usr/lib64:/lib64:" +\ + ld_library_path = "/usr/lib64/jss:/usr/lib64:/lib64:" +\ "/usr/lib/jss:/usr/lib:/lib" else: - ld_library_path = ld_library_path + "=" +\ - "/usr/lib/jss:/usr/lib:/lib" - command = "export" + " " + ld_library_path + ";" + "jython" + " " +\ - property + " " + scriptlet + " " + "\"" + data + "\"" + ld_library_path = "/usr/lib/jss:/usr/lib:/lib" + command = "export LD_LIBRARY_PATH=" + ld_library_path +\ + ";export CLASSPATH=" + classpath +\ + ";jython " + properties + " " + scriptlet # Display this "jython" command config.pki_log.info( - log.PKIHELPER_INVOKE_JYTHON_3, - ld_library_path, property, scriptlet, + log.PKIHELPER_INVOKE_JYTHON_1, + command, extra=config.PKI_INDENTATION_LEVEL_2) # Invoke this "jython" command - subprocess.call(command, shell=True) + subprocess.call(command + " \"" + data + "\"", shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py index b832abac8..e6a4a915e 100644 --- a/base/deploy/src/scriptlets/pkijython.py +++ b/base/deploy/src/scriptlets/pkijython.py @@ -35,89 +35,10 @@ pki_python_module_path = os.path.join(sys.prefix, sys.path.append(pki_python_module_path) -# http://www.jython.org/jythonbook/en/1.0/appendixB.html#working-with-classpath -############################################################################### -# from http://forum.java.sun.com/thread.jspa?threadID=300557 -# -# Author: SG Langer Jan 2007 translated the above Java to this Jython class -# Purpose: Allow runtime additions of new Class/jars either from local files -# or URL -############################################################################### -class classPathHacker: - import java.lang.reflect.Method - import java.io.File - import java.net.URL - import java.net.URLClassLoader - import jarray - - def addFile(self, s): - ################################################## - # Purpose: If adding a file/jar call this first - # with s = path_to_jar - ################################################## - - # make a URL out of 's' - f = self.java.io.File (s) - u = f.toURL () - a = self.addURL (u) - return a - - def addURL(self, u): - ########################################### - # Purpose: Call this with u= URL for the - # new Class/jar to be loaded - ########################################### - - parameters = self.jarray.array([self.java.net.URL], - self.java.lang.Class) - sysloader = self.java.lang.ClassLoader.getSystemClassLoader() - sysclass = self.java.net.URLClassLoader - method = sysclass.getDeclaredMethod("addURL", parameters) - a = method.setAccessible(1) - jar_a = self.jarray.array([u], self.java.lang.Object) - b = method.invoke(sysloader, jar_a) - return u - # PKI Python Imports import pkiconfig as config import pkimessages as log -# Dynamically Load Additional Java Jars ('append' to existing classpath) -jarLoad = classPathHacker() -# Webserver Jars -jarLoad.addFile("/usr/share/java/httpcomponents/httpclient.jar") -jarLoad.addFile("/usr/share/java/httpcomponents/httpcore.jar") -jarLoad.addFile("/usr/share/java/apache-commons-cli.jar") -jarLoad.addFile("/usr/share/java/apache-commons-codec.jar") -jarLoad.addFile("/usr/share/java/apache-commons-logging.jar") -jarLoad.addFile("/usr/share/java/istack-commons-runtime.jar") - -# Resteasy Jars -RESTEASY_ROOT = "resteasy" -if config.is_rhel(): - RESTEASY_ROOT = "resteasy-base" - -jarLoad.addFile("/usr/share/java/glassfish-jaxb/jaxb-impl.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/jaxrs-api.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/resteasy-atom-provider.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/resteasy-jaxb-provider.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/resteasy-jaxrs.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/resteasy-jettison-provider.jar") -jarLoad.addFile("/usr/share/java/scannotation.jar") -# PKI Jars -jarLoad.addFile("/usr/share/java/pki/pki-certsrv.jar") -jarLoad.addFile("/usr/share/java/pki/pki-client.jar") -jarLoad.addFile("/usr/share/java/pki/pki-cmsutil.jar") -jarLoad.addFile("/usr/share/java/pki/pki-nsutil.jar") -# JSS JNI Jars -# -# NOTE: Always load 64-bit JNI 'jss4.jar' -# PRIOR to 32-bit JNI 'jss4.jar' -# -jarLoad.addFile("/usr/lib64/java/jss4.jar") -jarLoad.addFile("/usr/lib/java/jss4.jar") - - # Apache Commons Java Imports from org.apache.commons.cli import CommandLine from org.apache.commons.cli import CommandLineParser @@ -126,7 +47,6 @@ from org.apache.commons.cli import Options from org.apache.commons.cli import ParseException from org.apache.commons.cli import PosixParser - # JSS Java Imports from org.mozilla.jss import CryptoManager from org.mozilla.jss.asn1 import ASN1Util @@ -148,7 +68,6 @@ from org.mozilla.jss.pkix.primitive import Name from org.mozilla.jss.pkix.primitive import SubjectPublicKeyInfo from org.mozilla.jss.util import Password - # PKI Java Imports from com.netscape.certsrv.system import SystemConfigClient from com.netscape.certsrv.system import SystemCertData diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py index 7b0d02c78..5b1448f65 100644 --- a/base/deploy/src/scriptlets/pkimessages.py +++ b/base/deploy/src/scriptlets/pkimessages.py @@ -189,8 +189,7 @@ PKIHELPER_GROUP_ADD_GID_KEYERROR_1 = "KeyError: pki_gid %s" PKIHELPER_GROUP_ADD_KEYERROR_1 = "KeyError: pki_group %s" PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT = "port %s has invalid selinux "\ "context %s" -PKIHELPER_INVOKE_JYTHON_3 = "executing 'export %s;"\ - "jython %s %s '" +PKIHELPER_INVOKE_JYTHON_1 = "executing '%s'" PKIHELPER_IS_A_DIRECTORY_1 = "'%s' is a directory" PKIHELPER_IS_A_FILE_1 = "'%s' is a file" PKIHELPER_IS_A_SYMLINK_1 = "'%s' is a symlink" diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index 0a77a4985..558873ded 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -26,6 +26,7 @@ import logging import os import random import string +import subprocess import sys import time @@ -270,6 +271,12 @@ class PKIConfigParser: config.pki_master_dict.update(config.pki_subsystem_dict) config.pki_master_dict.update(__name__="PKI Master Dictionary") + # RESTEasy + config.pki_master_dict['RESTEASY_LIB'] =\ + subprocess.check_output( + 'source /etc/pki/pki.conf && echo $RESTEASY_LIB', + shell=True).strip() + # IMPORTANT: A "PKI instance" no longer corresponds to a single # pki subystem, but rather to a unique # "Tomcat web instance" or a unique "Apache web instance". @@ -618,7 +625,7 @@ class PKIConfigParser: os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "javassist.jar") config.pki_master_dict['pki_resteasy_jaxrs_api_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "jaxrs-api.jar") config.pki_master_dict['pki_jettison_jar'] =\ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, @@ -648,16 +655,16 @@ class PKIConfigParser: os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-tomcat.jar") config.pki_master_dict['pki_resteasy_atom_provider_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "resteasy-atom-provider.jar") config.pki_master_dict['pki_resteasy_jaxb_provider_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "resteasy-jaxb-provider.jar") config.pki_master_dict['pki_resteasy_jaxrs_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "resteasy-jaxrs.jar") config.pki_master_dict['pki_resteasy_jettison_provider_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "resteasy-jettison-provider.jar") config.pki_master_dict['pki_scannotation_jar'] =\ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, diff --git a/base/java-tools/pki b/base/java-tools/pki index e465fa926..07194c9ed 100755 --- a/base/java-tools/pki +++ b/base/java-tools/pki @@ -71,6 +71,9 @@ if( $ARCHITECTURE eq "i386" ) { ## order this command wrapper uses to find jar files. ## ############################################################################### +my $RESTEASY_LIB = `source /etc/pki/pki.conf && echo \$RESTEASY_LIB`; +chomp($RESTEASY_LIB); + $ENV{CLASSPATH} = "/usr/share/java/${PRODUCT}/pki-certsrv.jar:" . "/usr/share/java/${PRODUCT}/pki-nsutil.jar:" . "/usr/share/java/${PRODUCT}/pki-tools.jar:" @@ -82,10 +85,10 @@ $ENV{CLASSPATH} = "/usr/share/java/${PRODUCT}/pki-certsrv.jar:" . "/usr/share/java/httpcomponents/httpclient.jar:" . "/usr/share/java/httpcomponents/httpcore.jar:" . "/usr/share/java/jaxb-api.jar:" - . "/usr/share/java/resteasy/jaxrs-api.jar:" - . "/usr/share/java/resteasy/resteasy-atom-provider.jar:" - . "/usr/share/java/resteasy/resteasy-jaxb-provider.jar:" - . "/usr/share/java/resteasy/resteasy-jaxrs.jar:" + . "${RESTEASY_LIB}/jaxrs-api.jar:" + . "${RESTEASY_LIB}/resteasy-atom-provider.jar:" + . "${RESTEASY_LIB}/resteasy-jaxb-provider.jar:" + . "${RESTEASY_LIB}/resteasy-jaxrs.jar:" . "/usr/share/java/servlet.jar:"; if( $ARCHITECTURE eq "x86_64" ) { diff --git a/base/java-tools/src/CMakeLists.txt b/base/java-tools/src/CMakeLists.txt index 96aae5c30..6ea69cae9 100644 --- a/base/java-tools/src/CMakeLists.txt +++ b/base/java-tools/src/CMakeLists.txt @@ -49,24 +49,21 @@ find_file(JAXRS_API_JAR NAMES jaxrs-api.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) find_file(RESTEASY_JAXRS_JAR NAMES resteasy-jaxrs.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) find_file(RESTEASY_ATOM_PROVIDER_JAR NAMES resteasy-atom-provider.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) find_file(HTTPCLIENT_JAR diff --git a/base/kra/src/CMakeLists.txt b/base/kra/src/CMakeLists.txt index d9ab25cd2..99088ce06 100644 --- a/base/kra/src/CMakeLists.txt +++ b/base/kra/src/CMakeLists.txt @@ -50,8 +50,7 @@ find_file(JAXRS_API_JAR NAMES jaxrs-api.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) # '${JAVA_LIB_INSTALL_DIR}' jars diff --git a/base/ocsp/src/CMakeLists.txt b/base/ocsp/src/CMakeLists.txt index 39468cadd..d3bdf0ed2 100644 --- a/base/ocsp/src/CMakeLists.txt +++ b/base/ocsp/src/CMakeLists.txt @@ -50,8 +50,7 @@ find_file(JAXRS_API_JAR NAMES jaxrs-api.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) # '${JAVA_LIB_INSTALL_DIR}' jars diff --git a/base/setup/scripts/functions b/base/setup/scripts/functions index 058022efc..3f7f9553d 100644 --- a/base/setup/scripts/functions +++ b/base/setup/scripts/functions @@ -30,6 +30,10 @@ # 200-254 reserved # +if [ -f /etc/pki/pki.conf ] ; then + . /etc/pki/pki.conf +fi + # PKI subsystem-level directory and file values for locks lockfile="/var/lock/subsys/${SERVICE_NAME}" @@ -980,7 +984,7 @@ verify_symlinks() [xml-commons-apis.jar]=/usr/share/java/xml-commons-apis.jar [xml-commons-resolver.jar]=/usr/share/java/xml-commons-resolver.jar # dogtag 9 -> dogtag 10 - [resteasy-jaxrs.jar]=/usr/share/java/resteasy/resteasy-jaxrs.jar) + [resteasy-jaxrs.jar]=${RESTEASY_LIB}/resteasy-jaxrs.jar) if [ "${PKI_SUBSYSTEM_TYPE}" == "tks" ]; then webapps_jar_symlinks[symkey.jar]=${jni_dir}/symkey.jar diff --git a/base/tks/src/CMakeLists.txt b/base/tks/src/CMakeLists.txt index 0ff69ae3c..9d0d3a70a 100644 --- a/base/tks/src/CMakeLists.txt +++ b/base/tks/src/CMakeLists.txt @@ -50,8 +50,7 @@ find_file(JAXRS_API_JAR NAMES jaxrs-api.jar PATHS - /usr/share/java/resteasy - /usr/share/java/resteasy-base + ${RESTEASY_LIB} ) diff --git a/specs/pki-core.spec b/specs/pki-core.spec index 8c3c7913e..f7481548c 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec @@ -14,7 +14,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} Name: pki-core Version: 10.0.0 -Release: %{?relprefix}54%{?prerel}%{?dist} +Release: %{?relprefix}55%{?prerel}%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -462,7 +462,6 @@ This package is a part of the PKI Core used by the Certificate System. %clean %{__rm} -rf %{buildroot} - %build %{__mkdir_p} build cd build @@ -471,6 +470,11 @@ cd build -DBUILD_PKI_CORE:BOOL=ON \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ +%if 0%{?rhel} + -DRESTEASY_LIB=/usr/share/java/resteasy-base \ +%else + -DRESTEASY_LIB=/usr/share/java/resteasy \ +%endif %{?_without_javadoc:-DWITH_JAVADOC:BOOL=OFF} \ %if ! 0%{?rhel} && 0%{?fedora} <= 17 -DBUILD_PKI_SELINUX:BOOL=ON \ @@ -809,7 +813,7 @@ fi %files -n pki-server %defattr(-,root,root,-) %doc base/deploy/LICENSE -%{_sysconfdir}/pki/default.cfg +%{_sysconfdir}/pki/ %{_sbindir}/pkispawn %{_sbindir}/pkidestroy #%{_bindir}/pki-setup-proxy @@ -820,6 +824,9 @@ fi %{_datadir}/pki/deployment/config/ %dir %{_datadir}/pki/scripts %{_datadir}/pki/scripts/operations +%{_datadir}/pki/scripts/pkicommon.pm +%{_datadir}/pki/scripts/functions +%{_datadir}/pki/scripts/pki_apache_initscript %dir %{_localstatedir}/lock/pki %dir %{_localstatedir}/run/pki %{_bindir}/pkidaemon @@ -837,13 +844,7 @@ fi %{_bindir}/pkiremove %{_bindir}/pki-setup-proxy %{_bindir}/pkisilent -%dir %{_datadir}/pki/scripts -%{_datadir}/pki/scripts/pkicommon.pm -%{_datadir}/pki/scripts/functions -%{_datadir}/pki/scripts/pki_apache_initscript %{_datadir}/pki/silent/ -%dir %{_localstatedir}/lock/pki -%dir %{_localstatedir}/run/pki %{_bindir}/pkicontrol # Details: @@ -959,6 +960,10 @@ fi %changelog +* Thu Dec 6 2012 Endi S. Dewata 10.0.0-0.55.b3 +- Added system-wide configuration /etc/pki/pki.conf. +- Removed redundant lines in %files. + * Tue Dec 4 2012 Endi S. Dewata 10.0.0-0.54.b3 - Moved default deployment configuration to /etc/pki. -- cgit