From daaee4c591d884a2b85dc3f12dc772ec4abc8a2c Mon Sep 17 00:00:00 2001
From: mharmsen
Date: Thu, 17 Dec 2009 17:11:46 +0000
Subject: Bugzilla Bug #529070 - rpm packaging problems (cannot reinstall correctly) Resolved by implementing a "registry".
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@892 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
pki/base/ca/LICENSE | 20 -
pki/base/ca/build.xml | 30 +-
pki/base/ca/setup/postinstall | 68 -
pki/base/ca/shared/etc/init.d/httpd | 1241 ----------------
pki/base/ca/shared/etc/init.d/pki-cad | 1808 +++++++++++++++++++++++
pki/base/common/LICENSE | 20 -
pki/base/common/build.xml | 22 -
pki/base/common/setup/postinstall | 56 -
pki/base/config/product.xml | 1 +
pki/base/selinux/LICENSE | 20 -
pki/base/setup/LICENSE | 20 -
pki/base/setup/pkicommon | 16 +
pki/base/setup/pkicreate | 741 ++++++++--
pki/base/setup/pkiremove | 142 +-
pki/base/silent/LICENSE | 20 -
pki/base/silent/templates/subca_silent.template | 4 +-
16 files changed, 2540 insertions(+), 1689 deletions(-)
delete mode 100755 pki/base/ca/setup/postinstall
delete mode 100755 pki/base/ca/shared/etc/init.d/httpd
create mode 100755 pki/base/ca/shared/etc/init.d/pki-cad
delete mode 100755 pki/base/common/setup/postinstall
diff --git a/pki/base/ca/LICENSE b/pki/base/ca/LICENSE
index e36f2269a..e281f4362 100644
--- a/pki/base/ca/LICENSE
+++ b/pki/base/ca/LICENSE
@@ -11,26 +11,6 @@ You should have received a copy of the GNU General Public License along with this Program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. -In addition, as a special exception, Red Hat, Inc. gives You the additional -right to link the code of this Program with code not covered under the GNU -General Public License ("Non-GPL Code") and to distribute linked combinations -including the two, subject to the limitations in this paragraph. Non-GPL -Code permitted under this exception must only link to the code of this -Program through those well defined interfaces identified in the file named -EXCEPTION found in the source code files (the "Approved Interfaces"). - -The files of Non-GPL Code may instantiate templates or use macros or inline -functions from the Approved Interfaces without causing the resulting work to -be covered by the GNU General Public License. Only Red Hat, Inc. may make -changes or additions to the list of Approved Interfaces. You must obey the -GNU General Public License in all respects for all of the Program code and -other code used in conjunction with the Program except the Non-GPL Code -covered by this exception. If you modify this file, you may extend this -exception to your version of the file, but you are not obligated to do so. -If you do not wish to provide this exception without modification, you must -delete this exception statement from your version and license this file -solely under the GPL without exception. - GNU GENERAL PUBLIC LICENSE Version 2, June 1991 diff --git a/pki/base/ca/build.xml b/pki/base/ca/build.xml index 8795aeb6c..139e221cb 100644 --- a/pki/base/ca/build.xml +++ b/pki/base/ca/build.xml 
@@ -184,31 +184,30 @@ + prefix="usr/share/java"> - - - + + + - - + + prefix="${dist.name}/usr/share/java"> - - - + + + - - + -# Keith Irwin -# Nicolas Mailhot -# -# version 1.02 - Removed initlog support -# version 1.03 - Removed config: -# version 1.04 - tomcat will start before httpd and stop after httpd -# version 1.05 - jdk hardcoded to link /usr/java/jdk and tomcat runs -# as "nobody" -# version 1.06 - split up into script and config file -# version 1.07 - Rework from Nicolas ideas -# version 1.08 - Fix work dir permission at start time, switch to use tomcat4 -# version 1.09 - Fix pidfile and config tags -# version 1.10 - Fallback to su direct use on systems without -# Redhat/Mandrake init.d functions -# version 1.11 - Fix webapps dir permissions -# version 1.12 - remove initial start/stop level for chkconfig (- 80 20) -# version 1.13 - remove chown of logs/work/temp/webapps dir, -# owned by tomcat4 at install time -# version 1.14 - correct the start/stop ugly hack by waiting -# all the threads stops -# version 1.15 - ensure we're looking for TOMCAT_USER running catalina -# version 1.16 - Add support for CATALINA_PID env var -# version 1.17 - Remove run files only tomcat started correctl -# in start area, check that tomcat is not allready running -# version 1.18 - Fix kill typo (thanks Kaj J. Niemi) -# version 1.19 - Add jar relinking -# version 1.20 - Check there is no stalling tomcat4.pid -# version 1.20tc5 - Changed all instances of tomcat4 to -# tomcat5 except TOMCAT_USER -# version 1.20tc5rh - Changed TOMCAT_USER from tomcat4 to tomcat -# - -# Disallow 'others' the ability to 'write' to new files -umask 00002 - -# Check to insure that this script's original invocation directory -# has not been deleted! -CWD=`/bin/pwd > /dev/null 2>&1` -if [ $? -ne 0 ] ; then - echo "Cannot invoke '$0' from non-existent directory!" - exit 255 -fi - -# Check to insure that this script's associated PKI -# subsystem currently resides on this system. 
-PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE] -if [ ! -d /usr/share/pki/${PKI_SUBSYSTEM_TYPE} ] ; then - echo "This machine is missing the '${PKI_SUBSYSTEM_TYPE}' subsystem!" - exit 255 -fi - -# Obtain the operating system upon which this script is being executed -OS=`uname -s` -ARCHITECTURE="" - -# This script must be run as root! -RV=0 -if [ ${OS} = "Linux" ] ; then - if [ `id -u` -ne 0 ] ; then - echo "Must be 'root' to execute '$0'!" - exit 1 - fi - ARCHITECTURE=`uname -i` -elif [ ${OS} = "SunOS" ] ; then - if [ `/usr/xpg4/bin/id -u` -ne 0 ] ; then - echo "Must be 'root' to execute '$0'!" - exit 1 - fi - ARCHITECTURE=`uname -p` - if [ "${ARCHITECTURE}" = "sparc" ] && - [ -d "/usr/lib/sparcv9/" ] ; then - ARCHITECTURE="sparcv9" - fi -else - echo "Unsupported OS '${OS}'!" - exit 1 -fi - -# Source function library. -if [ -f /etc/init.d/functions ]; then - . /etc/init.d/functions -else - # The checkpid() function is provided for platforms that do not - # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . . - - # Check if ${pid} (could be plural) are running (keep count) - checkpid() - { - rv=0 - for i in $* ; do - ps -p $i > /dev/null 2>&1 ; - if [ $? -ne 0 ] ; then - rv=`expr $rv + 1` - else - rv=`expr $rv + 0` - fi - done - # echo "rv=$rv" - return $rv - } - - # Create the following directories on platforms - # where they do not exist (e. g. - Solaris) . . . - if [ ! -d /var/lock/subsys ] ; then - mkdir -p /var/lock/subsys - fi - - ####################################################################### - ## NOTE: The following code needs to eventually be moved into the ## - ## template used to create the ## - ## "[PKI_INSTANCE_PATH]/conf/tomcat5.conf" file! 
## - ####################################################################### - - if [ ${OS} = "SunOS" ] ; then - DEFAULT_SOLARIS_JAVA_HOME="/usr/jdk/instances/jdk1.5.0/jre" - DEFAULT_LINUX_JAVA_HOME="/usr/lib/jvm/jre" - DEFAULT_LINUX_JAVA_HOME_PATH=`dirname ${DEFAULT_LINUX_JAVA_HOME}` - - # ensure that the Sun JRE 1.5.0 exists at the default location - if [ -d ${DEFAULT_SOLARIS_JAVA_HOME} ] ; then - # create the directory in which the symlink resides (if necessary) - if [ ! -d ${DEFAULT_LINUX_JAVA_HOME_PATH} ] ; then - mkdir -p ${DEFAULT_LINUX_JAVA_HOME_PATH} - fi - # create the actual symlink (if necessary) - if [ ! -h ${DEFAULT_LINUX_JAVA_HOME} ] ; then - ln -s ${DEFAULT_SOLARIS_JAVA_HOME} ${DEFAULT_LINUX_JAVA_HOME} - fi - else - # for now, simply exit with an appropriate error message - echo -n "The Solaris 1.5.0 JRE must be installed " - echo -n "at \"${DEFAULT_SOLARIS_JAVA_HOME}\"!" - echo - echo - exit 255 - fi - fi -fi - -#Use CATALINA_BASE - -CATALINA_BASE=[PKI_INSTANCE_PATH] -export CATALINA_BASE - -# Get Tomcat config - -TOMCAT_CFG="[PKI_INSTANCE_PATH]/conf/tomcat5.conf" - -[ -r "$TOMCAT_CFG" ] && . "${TOMCAT_CFG}" - -# Path to the tomcat launch script (direct don't use wrapper) -TOMCAT_SCRIPT=/usr/bin/dtomcat5-[PKI_INSTANCE_ID] - -# Path to the script that will refresh jar symlinks on startup -if [ ${OS} = "Linux" ] ; then - TOMCAT_RELINK_SCRIPT="/usr/share/tomcat5/bin/relink" -fi - -# Tomcat name :) -TOMCAT_PROG=[PKI_INSTANCE_ID] - -# if TOMCAT_USER is not set, use tomcat5 like Apache HTTP server -if [ -z "$TOMCAT_USER" ]; then - TOMCAT_USER="[PKI_USER]" -fi - -# if TOMCAT_GROUP is not set, use tomcat5 like Apache HTTP server -if [ -z "$TOMCAT_GROUP" ]; then - TOMCAT_GROUP="[PKI_GROUP]" -fi - -# Since the daemon function will sandbox $tomcat -# no environment stuff should be defined here anymore. 
-# Please use the [PKI_INSTANCE_PATH]/conf/tomcat5.conf -# file instead ; it will be read by the $tomcat script - -pidfile=${PIDFILE:-/var/run/[PKI_INSTANCE_ID].pid} -lockfile=${LOCKFILE:-/var/lock/subsys/[PKI_INSTANCE_ID]} -pki_instance_configuration_file=[PKI_INSTANCE_PATH]/conf/CS.cfg -RESTART_SERVER=[PKI_INSTANCE_PATH]/conf/restart_server_after_configuration -RETVAL=0 - -check_pki_configuration_status() -{ - rv=0 - - rv=`grep -c ^preop ${pki_instance_configuration_file}` - - rv=`expr ${rv} + 0` - - if [ ${rv} -ne 0 ] ; then - echo " '[PKI_INSTANCE_ID]' must still be CONFIGURED!" - echo " (see /var/log/[PKI_INSTANCE_ID]-install.log)" - elif [ -f ${RESTART_SERVER} ] ; then - echo " Although '[PKI_INSTANCE_ID]' has been CONFIGURED, it must still be RESTARTED!" - rv=255 - fi - - return ${rv} -} - -get_pki_status_definitions() -{ - # establish well-known strings - begin_pki_status_comment="" - end_pki_status_comment="" - total_ports=0 - unsecure_port_statement="Unsecure Port = " - secure_agent_port_statement="Secure Agent Port = " - secure_ee_port_statement="Secure EE Port = " - secure_admin_port_statement="Secure Admin Port = " - pki_console_port_statement="PKI Console Port = " - tomcat_port_statement="Tomcat Port = " - - # initialize looping variables - pki_status_comment_found=0 - - # first check to see that an instance-specific "server.xml" file exists - if [ ! -f [PKI_SERVER_XML_CONF] ] ; then - echo "File '[PKI_SERVER_XML_CONF]' does not exist!" 
- exit 255 - fi - - # read this instance-specific "server.xml" file line-by-line - # to obtain the current PKI Status Definitions - exec < [PKI_SERVER_XML_CONF] - while read line; do - # first look for the well-known end PKI Status comment - # (to turn off processing) - if [ "$line" == "$end_pki_status_comment" ] ; then - pki_status_comment_found=0 - break; - fi - - # then look for the well-known begin PKI Status comment - # (to turn on processing) - if [ "$line" == "$begin_pki_status_comment" ] ; then - pki_status_comment_found=1 - fi - - # once the well-known begin PKI Status comment has been found, - # begin processing to obtain all of the PKI Status Definitions - if [ $pki_status_comment_found -eq 1 ] ; then - # look for a PKI Status Definition and print it - head=`echo "$line" | cut -b1-20` - if [ "$head" == "$unsecure_port_statement" ] || - [ "$head" == "$secure_agent_port_statement" ] || - [ "$head" == "$secure_ee_port_statement" ] || - [ "$head" == "$secure_admin_port_statement" ] || - [ "$head" == "$pki_console_port_statement" ] || - [ "$head" == "$tomcat_port_statement" ] ; then - echo " $line" - total_ports=`expr ${total_ports} + 1` - fi - fi - done - - if [ ${total_ports} -eq 6 ] ; then - return 0 - else - return 255 - fi -} - -get_pki_configuration_definitions() -{ - # Obtain the PKI Subsystem Type - line=`grep ^cs.type= ${pki_instance_configuration_file}` - pki_subsystem=`echo "${line}" | cut -b9-` - if [ "${line}" != "" ] ; then - if [ "${pki_subsystem}" != "CA" ] && - [ "${pki_subsystem}" != "KRA" ] && - [ "${pki_subsystem}" != "OCSP" ] && - [ "${pki_subsystem}" != "TKS" ] && - [ "${pki_subsystem}" != "RA" ] && - [ "${pki_subsystem}" != "TPS" ] - then - return 255 - fi - if [ "${pki_subsystem}" == "KRA" ] ; then - # Rename "KRA" to "DRM" - pki_subsystem="DRM" - fi - else - return 255 - fi - - # If "${pki_subsystem}" is a CA, DRM, OCSP, or TKS, - # check to see if "${pki_subsystem}" is a "Clone" - pki_clone="" - if [ "${pki_subsystem}" == "CA" ] || - 
[ "${pki_subsystem}" == "DRM" ] || - [ "${pki_subsystem}" == "OCSP" ] || - [ "${pki_subsystem}" == "TKS" ] - then - line=`grep ^subsystem.select= ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_clone=`echo "${line}" | cut -b18-` - if [ "${pki_clone}" != "Clone" ] ; then - # Reset "${pki_clone}" to be empty - pki_clone="" - fi - else - return 255 - fi - fi - - # If "${pki_subsystem}" is a CA, and is NOT a "Clone", check to - # see "${pki_subsystem}" is a "Root" or a "Subordinate" CA - pki_hierarchy="" - if [ "${pki_subsystem}" == "CA" ] && - [ "${pki_clone}" != "Clone" ] - then - line=`grep ^hierarchy.select= ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_hierarchy=`echo "${line}" | cut -b18-` - else - return 255 - fi - fi - - # If ${pki_subsystem} is a CA, check to - # see if it is also a Security Domain - pki_security_domain="" - if [ "${pki_subsystem}" == "CA" ] ; then - line=`grep ^securitydomain.select= ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_security_domain=`echo "${line}" | cut -b23-` - if [ "${pki_security_domain}" == "new" ] ; then - # Set a fixed value for "${pki_security_domain}" - pki_security_domain="(Security Domain)" - else - # Reset "${pki_security_domain}" to be empty - pki_security_domain="" - fi - else - return 255 - fi - fi - - # Always obtain this PKI instance's "registered" - # security domain information - pki_security_domain_name="" - pki_security_domain_hostname="" - pki_security_domain_https_admin_port="" - - line=`grep ^securitydomain.name= ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_security_domain_name=`echo "${line}" | cut -b21-` - else - return 255 - fi - - line=`grep ^securitydomain.host= ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_security_domain_hostname=`echo "${line}" | cut -b21-` - else - return 255 - fi - - line=`grep ^securitydomain.httpsadminport= ${pki_instance_configuration_file}` 
- if [ "${line}" != "" ] ; then - pki_security_domain_https_admin_port=`echo "${line}" | cut -b31-` - else - return 255 - fi - - # Compose the "PKI Instance Name" Status Line - pki_instance_name="PKI Instance Name: [PKI_INSTANCE_ID]" - - # Compose the "PKI Subsystem Type" Status Line - header="PKI Subsystem Type: " - if [ "${pki_clone}" != "" ] ; then - if [ "${pki_security_domain}" != "" ]; then - # Possible Values: - # - # "CA Clone (Security Domain)" - # - data="${pki_subsystem} ${pki_clone} ${pki_security_domain}" - else - # Possible Values: - # - # "CA Clone" - # "DRM Clone" - # "OCSP Clone" - # "TKS Clone" - # - data="${pki_subsystem} ${pki_clone}" - fi - elif [ "${pki_hierarchy}" != "" ] ; then - if [ "${pki_security_domain}" != "" ]; then - # Possible Values: - # - # "Root CA (Security Domain)" - # "Subordinate CA (Security Domain)" - # - data="${pki_hierarchy} ${pki_subsystem} ${pki_security_domain}" - else - # Possible Values: - # - # "Root CA" - # "Subordinate CA" - # - data="${pki_hierarchy} ${pki_subsystem}" - fi - else - # Possible Values: - # - # "DRM" - # "OCSP" - # "RA" - # "TKS" - # "TPS" - # - data="${pki_subsystem}" - fi - pki_subsystem_type="${header} ${data}" - - # Compose the "Registered PKI Security Domain Information" Status Line - header="Name: " - registered_pki_security_domain_name="${header} ${pki_security_domain_name}" - - header="URL: " - if [ "${pki_security_domain_hostname}" != "" ] && - [ "${pki_security_domain_https_admin_port}" != "" ] - then - data="https://${pki_security_domain_hostname}:${pki_security_domain_https_admin_port}" - else - return 255 - fi - registered_pki_security_domain_url="${header} ${data}" - - # Print the "PKI Subsystem Type" Status Line - echo - echo " ${pki_instance_name}" - - # Print the "PKI Subsystem Type" Status Line - echo - echo " ${pki_subsystem_type}" - - # Print the "Registered PKI Security Domain Information" Status Line - echo - echo " Registered PKI Security Domain Information:" - echo " 
==========================================================================" - echo " ${registered_pki_security_domain_name}" - echo " ${registered_pki_security_domain_url}" - echo " ==========================================================================" - - return 0 -} - -get_pki_secure_port() -{ - # establish well-known strings - begin_ssl_comment="" - end_ssl_comment="" - connector_statement="&1; then - echo - echo "process already running" - return 255 - else - echo - echo -n "lock file found but no process " - echo -n "running for pid $kpid, continuing" - echo - echo - fi - fi - fi - - CATALINA_PID=${pidfile} - export CATALINA_PID - touch $CATALINA_PID - chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID - [ -x /sbin/restorecon ] && /sbin/restorecon $CATALINA_PID - - # restore context for ncipher hsm - [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast - - # Always initialize CLASSPATH to start looking - # in the local PKI classes directory . . . - CLASSPATH=/usr/share/[PKI_FLAVOR]/classes - - if [ ${OS} = "Linux" ] ; then - $TOMCAT_RELINK_SCRIPT - elif [ ${OS} = "SunOS" ] ; then - # The following definitions are provided for Solaris - # platforms since they are unable to execute the - # "/usr/share/tomcat5/bin/relink", - # "/usr/bin/rebuild-jar-repository", and - # "/usr/share/java-utils/java-functions" files . . . - - ####################################### - ## /var/lib/tomcat5/common/lib: - ####################################### - - # Build the tomcat jar classpath . . . 
- CLASSPATH="$CLASSPATH":/usr/share/java/ant.jar - CLASSPATH="$CLASSPATH":/usr/share/java/commons-collections.jar - CLASSPATH="$CLASSPATH":/usr/share/java/commons-dbcp.jar - CLASSPATH="$CLASSPATH":/usr/share/java/commons-el.jar - CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging-api.jar - CLASSPATH="$CLASSPATH":/usr/share/java/commons-pool.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-ejb-2.1.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-1.4.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-connector-1.5.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-deployment-1.1.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-jacc-1.0.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-management-1.0.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2eeschema-1.0.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-jms-1.1.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-jsp-2.0.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-jta-1.0.1B.jar - CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-servlet-2.4.jar - CLASSPATH="$CLASSPATH":/usr/share/java/jaf.jar - CLASSPATH="$CLASSPATH":/usr/share/java/jakarta-commons-collections.jar - CLASSPATH="$CLASSPATH":/usr/share/java/jakarta-commons-modeler.jar - CLASSPATH="$CLASSPATH":/usr/share/java/jasper5-compiler.jar - CLASSPATH="$CLASSPATH":/usr/share/java/jasper5-runtime.jar - CLASSPATH="$CLASSPATH":/usr/share/java/javamail/imap.jar - CLASSPATH="$CLASSPATH":/usr/share/java/javamail/mailapi.jar - CLASSPATH="$CLASSPATH":/usr/share/java/javamail/nntp.jar - CLASSPATH="$CLASSPATH":/usr/share/java/javamail/pop3.jar - CLASSPATH="$CLASSPATH":/usr/share/java/javamail/providers.jar - CLASSPATH="$CLASSPATH":/usr/share/java/javamail/smtp.jar - - # BEGIN LINUX-SPECIFIC FILE - # CLASSPATH="$CLASSPATH":/usr/share/java/jdtCompilerAdapter.jar - # CLASSPATH="$CLASSPATH":/usr/share/java/jdtcore.jar - # 
CLASSPATH="$CLASSPATH":/usr/share/java/jsp.jar - # END LINUX-SPECIFIC FILE - - CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j.jar - CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-impl.jar - CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-jmx.jar - CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-remote.jar - CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rimpl.jar - CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rjmx.jar - CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-tools.jar - - # BEGIN LINUX-SPECIFIC FILE - # CLASSPATH="$CLASSPATH":/usr/share/java/servlet.jar - # END LINUX-SPECIFIC FILE - - CLASSPATH="$CLASSPATH":/usr/share/java/avalon-logkit.jar - CLASSPATH="$CLASSPATH":/usr/share/java/cmsutil.jar - CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging.jar - if [ "$ARCHITECTURE" = "sparc" ] ; then - CLASSPATH="$CLASSPATH":/usr/lib/java/dirsec/jss4.jar - elif [ "$ARCHITECTURE" = "sparcv9" ] ; then - CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/dirsec/jss4.jar - fi - CLASSPATH="$CLASSPATH":/usr/share/java/ldapjdk.jar - CLASSPATH="$CLASSPATH":/var/lib/tomcat5/common/lib/naming-factory.jar - CLASSPATH="$CLASSPATH":/var/lib/tomcat5/common/lib/naming-resources.jar - CLASSPATH="$CLASSPATH":/usr/share/java/pki/nsutil.jar - if [ "$ARCHITECTURE" = "sparc" ] ; then - CLASSPATH="$CLASSPATH":/usr/lib/java/osutil.jar - elif [ "$ARCHITECTURE" = "sparcv9" ] ; then - CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/osutil.jar - fi - CLASSPATH="$CLASSPATH":/usr/share/java/rhino.jar - CLASSPATH="$CLASSPATH":/usr/share/java/servletapi5.jar - if [ "$ARCHITECTURE" = "sparc" ] ; then - CLASSPATH="$CLASSPATH":/usr/lib/java/symkey.jar - elif [ "$ARCHITECTURE" = "sparcv9" ] ; then - CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/symkey.jar - fi - CLASSPATH="$CLASSPATH":/usr/share/java/velocity.jar - CLASSPATH="$CLASSPATH":/usr/share/java/xalan-j2.jar - CLASSPATH="$CLASSPATH":/usr/share/java/xerces-j2.jar - - # Relink tomcat jar repositories . . . 
- cd /var/lib/tomcat5/common/lib - - if [ ! -e /var/lib/tomcat5/common/lib/\[ant\].jar ]; then - ln -s /usr/share/java/ant.jar [ant].jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-collections\].jar ]; then - ln -s /usr/share/java/commons-collections.jar [commons-collections].jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-dbcp\].jar ]; then - ln -s /usr/share/java/commons-dbcp.jar [commons-dbcp].jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-el\].jar ]; then - ln -s /usr/share/java/commons-el.jar [commons-el].jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-logging-api\].jar ]; then - ln -s /usr/share/java/commons-logging-api.jar [commons-logging-api].jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-pool\].jar ]; then - ln -s /usr/share/java/commons-pool.jar [commons-pool].jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-ejb\-2.1\-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-ejb-2.1-rc2.jar [geronimo]spec-ejb-2.1-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-ejb\-2.1.jar ]; then - ln -s /usr/share/java/geronimo/spec-ejb-2.1.jar [geronimo]spec-ejb-2.1.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-1.4\-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-1.4-rc2.jar [geronimo]spec-j2ee-1.4-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-1.4.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-1.4.jar [geronimo]spec-j2ee-1.4.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-connector\-1.5\-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-connector-1.5-rc2.jar [geronimo]spec-j2ee-connector-1.5-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-connector\-1.5.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-connector-1.5.jar [geronimo]spec-j2ee-connector-1.5.jar - fi - if [ ! 
-e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-deployment\-1.1\-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-deployment-1.1-rc2.jar [geronimo]spec-j2ee-deployment-1.1-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-deployment\-1.1.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-deployment-1.1.jar [geronimo]spec-j2ee-deployment-1.1.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-jacc\-1.0\-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-jacc-1.0-rc2.jar [geronimo]spec-j2ee-jacc-1.0-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-jacc\-1.0.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-jacc-1.0.jar [geronimo]spec-j2ee-jacc-1.0.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-management\-1.0\-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-management-1.0-rc2.jar [geronimo]spec-j2ee-management-1.0-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-management\-1.0.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2ee-management-1.0.jar [geronimo]spec-j2ee-management-1.0.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2eeschema\-1.0\-M2.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2eeschema-1.0-M2.jar [geronimo]spec-j2eeschema-1.0-M2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2eeschema\-1.0.jar ]; then - ln -s /usr/share/java/geronimo/spec-j2eeschema-1.0.jar [geronimo]spec-j2eeschema-1.0.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jms\-1.1\-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-jms-1.1-rc2.jar [geronimo]spec-jms-1.1-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jms\-1.1.jar ]; then - ln -s /usr/share/java/geronimo/spec-jms-1.1.jar [geronimo]spec-jms-1.1.jar - fi - if [ ! 
-e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jsp\-2.0\-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-jsp-2.0-rc2.jar [geronimo]spec-jsp-2.0-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jsp\-2.0.jar ]; then - ln -s /usr/share/java/geronimo/spec-jsp-2.0.jar [geronimo]spec-jsp-2.0.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec-jta-1.0.1B-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-jta-1.0.1B-rc2.jar [geronimo]spec-jta-1.0.1B-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jta\-1.0.1B.jar ]; then - ln -s /usr/share/java/geronimo/spec-jta-1.0.1B.jar [geronimo]spec-jta-1.0.1B.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-servlet\-2.4\-rc2.jar ]; then - ln -s /usr/share/java/geronimo/spec-servlet-2.4-rc2.jar [geronimo]spec-servlet-2.4-rc2.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-servlet\-2.4.jar ]; then - ln -s /usr/share/java/geronimo/spec-servlet-2.4.jar [geronimo]spec-servlet-2.4.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[jaf\].jar ]; then - ln -s /usr/share/java/jaf.jar [jaf].jar - fi - - ### BEGIN SOLARIS-SPECIFIC LINKS - ### if [ ! -e /var/lib/tomcat5/common/lib/\[jakarta\-commons\-collections.jar\] ]; then - ### ln -s /usr/share/java/jakarta-commons-collections.jar [jakarta-commons-collections.jar] - ### fi - ### if [ ! -e /var/lib/tomcat5/common/lib/\[jakarta\-commons\-modeler.jar\] ]; then - ### ln -s /usr/share/java/jakarta-commons-modeler.jar [jakarta-commons-modeler.jar] - ### fi - ### END SOLARIS-SPECIFIC LINKS - - ### if [ ! -e /var/lib/tomcat5/common/lib/\[jasper5\-compiler\].jar ]; then - ### ln -s /usr/share/java/jasper5-compiler.jar [jasper5-compiler].jar - ### fi - ### if [ ! -e /var/lib/tomcat5/common/lib/\[jasper5\-runtime\].jar ]; then - ### ln -s /usr/share/java/jasper5-runtime.jar [jasper5-runtime].jar - ### fi - - if [ ! 
-e /var/lib/tomcat5/common/lib/\[javamail\]imap\-1.3.1.jar ]; then - ln -s /usr/share/java/javamail/imap-1.3.1.jar [javamail]imap-1.3.1.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]imap.jar ]; then - ln -s /usr/share/java/javamail/imap.jar [javamail]imap.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]mailapi\-1.3.1.jar ]; then - ln -s /usr/share/java/javamail/mailapi-1.3.1.jar [javamail]mailapi-1.3.1.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]mailapi.jar ]; then - ln -s /usr/share/java/javamail/mailapi.jar [javamail]mailapi.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]nntp\-1.3.1.jar ]; then - ln -s /usr/share/java/javamail/nntp-1.3.1.jar [javamail]nntp-1.3.1.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]nntp.jar ]; then - ln -s /usr/share/java/javamail/nntp.jar [javamail]nntp.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]pop3\-1.3.1.jar ]; then - ln -s /usr/share/java/javamail/pop3-1.3.1.jar [javamail]pop3-1.3.1.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]pop3.jar ]; then - ln -s /usr/share/java/javamail/pop3.jar [javamail]pop3.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]providers\-1.3.1.jar ]; then - ln -s /usr/share/java/javamail/providers-1.3.1.jar [javamail]providers-1.3.1.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]providers.jar ]; then - ln -s /usr/share/java/javamail/providers.jar [javamail]providers.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]smtp\-1.3.1.jar ]; then - ln -s /usr/share/java/javamail/smtp-1.3.1.jar [javamail]smtp-1.3.1.jar - fi - if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]smtp.jar ]; then - ln -s /usr/share/java/javamail/smtp.jar [javamail]smtp.jar - fi - - ### BEGIN LINUX-SPECIFIC LINKS - ### if [ ! -e /var/lib/tomcat5/common/lib/\[jdtCompilerAdapter\].jar ]; then - ### ln -s /usr/share/java/jdtCompilerAdapter.jar [jdtCompilerAdapter].jar - ### fi - ### if [ ! 
-e /var/lib/tomcat5/common/lib/\[jdtcore\].jar ]; then
- ### ln -s /usr/share/java/jdtcore.jar [jdtcore].jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[jsp\].jar ]; then
- ### ln -s /usr/share/java/jsp.jar [jsp].jar
- ### fi
- ### END LINUX-SPECIFIC LINKS
-
- if [ ! -e /var/lib/tomcat5/common/lib/\[mx4j\]\[mx4j\].jar ]; then
- ln -s /usr/share/java/mx4j/mx4j.jar [mx4j][mx4j].jar
- fi
-
- ### BEGIN LINUX-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[servlet\].jar ]; then
- ### ln -s /usr/share/java/servlet.jar [servlet].jar
- ### fi
- ### END LINUX-SPECIFIC LINKS
-
- ### BEGIN LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK
- if [ ! -e /var/lib/tomcat5/common/lib/avalon\-logkit.jar ]; then
- ln -s /usr/share/java/avalon-logkit.jar avalon-logkit.jar
- fi
- ### END LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/cmsutil.jar ]; then
- ### ln -s /usr/share/java/rphki/cmsutil.jar cmsutil.jar
- ### fi
-
- ### BEGIN LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK
- if [ ! -e /var/lib/tomcat5/common/lib/commons\-logging.jar ]; then
- ln -s /usr/share/java/commons-logging.jar commons-logging.jar
- fi
- ### END LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/jss4.jar ]; then
- ### if [ "$ARCHITECTURE" = "sparc" ] ; then
- ### ln -s /usr/lib/java/dirsec/jss4.jar jss4.jar
- ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- ### ln -s /usr/lib/sparcv9/java/dirsec/jss4.jar jss4.jar
- ### fi
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/ldapjdk.jar ]; then
- ### ln -s /usr/share/java/ldapjdk.jar ldapjdk.jar
- ### fi
-
- ### naming-factory.jar
- ### naming-resources.jar
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/nsutil.jar ]; then
- ### ln -s /usr/share/java/pki/nsutil.jar nsutil.jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/osutil.jar ]; then
- ### if [ "$ARCHITECTURE" = "sparc" ] ; then
- ### ln -s /usr/lib/java/osutil.jar osutil.jar
- ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- ### ln -s /usr/lib/sparcv9/java/osutil.jar osutil.jar
- ### fi
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/rhino.jar ]; then
- ### ln -s /usr/share/java/rhino.jar rhino.jar
- ### fi
-
- ### BEGIN SOLARIS-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/common/lib/\[servletapi5.jar\] ]; then
- ### ln -s /usr/share/java/servletapi5.jar [servletapi5.jar]
- ### fi
- ### END SOLARIS-SPECIFIC LINKS
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/symkey.jar ]; then
- ### if [ "$ARCHITECTURE" = "sparc" ] ; then
- ### ln -s /usr/lib/java/symkey.jar symkey.jar
- ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- ### ln -s /usr/lib/sparcv9/java/symkey.jar symkey.jar
- ### fi
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/velocity.jar ]; then
- ### ln -s /usr/share/java/velocity.jar velocity.jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/common/lib/xalan\-j2.jar ]; then
- ### ln -s /usr/share/java/xalan-j2.jar xalan-j2.jar
- ### fi
-
- if [ ! -e /var/lib/tomcat5/common/lib/xerces\-j2\-2.6.2.jar ]; then
- ln -s /usr/share/java/xerces-j2-2.6.2.jar xerces-j2-2.6.2.jar
- fi
-
- ### if [ ! -e /var/lib/tomcat5/common/lib/xerces\-j2.jar ]; then
- ### ln -s /usr/share/java/xerces-j2.jar xerces-j2.jar
- ### fi
-
-
- #######################################
- ## /var/lib/tomcat5/common/endorsed:
- #######################################
-
- # Build the tomcat jar classpath . . .
- CLASSPATH="$CLASSPATH":/usr/share/java/xml-commons-apis.jar
-
- # BEGIN LINUX-SPECIFIC FILE
- # CLASSPATH="$CLASSPATH":/usr/share/java/jaxp_parser_impl.jar
- # END LINUX-SPECIFIC FILE
-
-
- # Relink tomcat jar repositories . . .
- cd /var/lib/tomcat5/common/endorsed
-
- ### BEGIN LINUX-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/common/endorsed/\[jaxp_parser_impl\].jar ]; then
- ### ln -s /usr/share/java/jaxp_parser_impl.jar [jaxp_parser_impl].jar
- ### fi
- ### END LINUX-SPECIFIC LINKS
-
- if [ ! -e /var/lib/tomcat5/common/endorsed/\[xml\-commons\-apis\].jar ]; then
- ln -s /usr/share/java/xml-commons-apis.jar [xml-commons-apis].jar
- fi
-
-
- #######################################
- ## /var/lib/tomcat5/server/lib:
- #######################################
-
- # Build the tomcat jar classpath . . .
- CLASSPATH="$CLASSPATH":/usr/share/java/catalina-ant5.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-beanutils.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-digester.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-el.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-fileupload.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/commons-modeler.jar
-
- # BEGIN LINUX-SPECIFIC FILE
- # CLASSPATH="$CLASSPATH":/usr/share/java/jdtCompilerAdapter.jar
- # CLASSPATH="$CLASSPATH":/usr/share/java/jdtcore.jar
- # END LINUX-SPECIFIC FILE
-
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-impl.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-jmx.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-remote.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rimpl.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rjmx.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-tools.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/regexp.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina-cluster.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina-optional.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina-storeconfig.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina.jar
- if [ "$ARCHITECTURE" = "sparc" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/java/dirsec/jss4.jar
- elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/dirsec/jss4.jar
- fi
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-cgi.renametojar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-default.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-invoker.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-ssi.renametojar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-webdav.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-ajp.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-coyote.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-http.jar
- CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-util.jar
- CLASSPATH="$CLASSPATH":/usr/share/java/tomcatjss.jar
-
-
- # Relink tomcat jar repositories . . .
- cd /var/lib/tomcat5/server/lib
-
- if [ ! -e /var/lib/tomcat5/server/lib/\[catalina\-ant5\].jar ]; then
- ln -s /usr/share/java/catalina-ant5.jar [catalina-ant5].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-beanutils\].jar ]; then
- ln -s /usr/share/java/commons-beanutils.jar [commons-beanutils].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-digester\].jar ]; then
- ln -s /usr/share/java/commons-digester.jar [commons-digester].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-el\].jar ]; then
- ln -s /usr/share/java/commons-el.jar [commons-el].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-fileupload\].jar ]; then
- ln -s /usr/share/java/commons-fileupload.jar [commons-fileupload].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-logging\].jar ]; then
- ln -s /usr/share/java/commons-logging.jar [commons-logging].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-modeler\].jar ]; then
- ln -s /usr/share/java/commons-modeler.jar [commons-modeler].jar
- fi
-
- ### BEGIN LINUX-SPECIFIC LINKS
- ### if [ ! -e /var/lib/tomcat5/server/lib/\[jdtCompilerAdapter\].jar ]; then
- ### ln -s /usr/share/java/jdtCompilerAdapter.jar [jdtCompilerAdapter].jar
- ### fi
- ### if [ ! -e /var/lib/tomcat5/server/lib/\[jdtcore\].jar ]; then
- ### ln -s /usr/share/java/jdtcore.jar [jdtcore].jar
- ### fi
- ### END LINUX-SPECIFIC LINKS
-
- if [ ! -e /var/lib/tomcat5/server/lib/\[mx4j\]\[mx4j\].jar ]; then
- ln -s /usr/share/java/mx4j/mx4j.jar [mx4j][mx4j].jar
- fi
- if [ ! -e /var/lib/tomcat5/server/lib/\[regexp\].jar ]; then
- ln -s /usr/share/java/regexp.jar [regexp].jar
- fi
-
- ### catalina-cluster.jar
- ### catalina-optional.jar
- ### catalina-storeconfig.jar
- ### catalina.jar
- ### if [ ! -e /var/lib/tomcat5/server/lib/jss4.jar ]; then
- ### if [ "$ARCHITECTURE" = "sparc" ] ; then
- ### ln -s /usr/lib/java/dirsec/jss4.jar jss4.jar
- ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
- ### ln -s /usr/lib/sparcv9/java/dirsec/jss4.jar jss4.jar
- ### fi
- ### fi
- ### servlets-cgi.renametojar
- ### servlets-default.jar
- ### servlets-invoker.jar
- ### servlets-ssi.renametojar
- ### servlets-webdav.jar
- ### tomcat-ajp.jar
- ### tomcat-coyote.jar
- ### tomcat-http.jar
- ### tomcat-util.jar
- ### if [ ! -e /var/lib/tomcat5/server/lib/tomcatjss.jar ]; then
- ### ln -s /usr/share/java/tomcatjss.jar tomcatjss.jar
- ### fi
-
-
- #######################################
- ## /var/lib/tomcat5/shared/lib:
- #######################################
-
- # Build the tomcat jar classpath . . .
-
- export CLASSPATH
-
-
- # Relink tomcat jar repositories . . .
- cd /var/lib/tomcat5/shared/lib
- fi
-
- # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT start
- if [ ${OS} = "SunOS" ] ; then
- su $TOMCAT_USER -c "$TOMCAT_SCRIPT start" > /dev/null
- else
- runuser -s /bin/bash $TOMCAT_USER -c "$TOMCAT_SCRIPT start" > /dev/null
- fi
-
- RETVAL=$?
- [ $RETVAL = 0 ] && touch ${lockfile}
-
- if [ $RETVAL = 0 ] ; then
- count=0;
-
- let swait=$STARTUP_WAIT
- while [ ! -s ${pidfile} ] &&
- [ $count -lt $swait ]
- do
- echo -n "."
- sleep 1
- let count=$count+1;
- done
-
- if [ -f /etc/init.d/functions ]; then
- if [ "$CONSOLETYPE" = "serial" ]; then
- echo -n " "
- fi
- echo_success
- echo
- else
- echo " [ OK ]"
- fi
-
- get_pki_secure_port
- if [ $? -ne 0 ] ; then
- PKI_SECURE_PORT=""
- fi
-
- echo
- status
- else
- if [ -f /etc/init.d/functions ]; then
- if [ "$CONSOLETYPE" = "serial" ]; then
- echo -n " "
- fi
- echo_failure
- echo
- else
- echo " [ FAILED ]"
- fi
- fi
-
- sleep 5
- return $RETVAL
-}
-
-stop()
-{
- echo -n "Stopping $TOMCAT_PROG: "
-
- if [ -f ${lockfile} ] ; then
- CATALINA_PID=${pidfile}
- export CATALINA_PID
-
- # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT stop
- if [ ${OS} = "SunOS" ] ; then
- su $TOMCAT_USER -c "$TOMCAT_SCRIPT stop" > /dev/null
- else
- runuser -s /bin/bash $TOMCAT_USER -c "$TOMCAT_SCRIPT stop" > /dev/null
- fi
-
- RETVAL=$?
-
- if [ $RETVAL = 0 ]; then
- count=0;
-
- if [ -f ${pidfile} ]; then
- read kpid < ${pidfile}
- let kwait=$SHUTDOWN_WAIT
-
- until [ `ps -p $kpid | grep -c $kpid` = '0' ] ||
- [ $count -gt $kwait ]
- do
- echo -n "."
- sleep 1
- let count=$count+1;
- done
-
- if [ $count -gt $kwait ]; then
- kill -9 $kpid
- fi
- fi
-
- rm -f ${lockfile}
- rm -f ${pidfile}
-
- if [ -f /etc/init.d/functions ]; then
- if [ "$CONSOLETYPE" = "serial" ]; then
- echo -n " "
- fi
- echo_success
- echo
- else
- echo " [ OK ]"
- fi
- else
- if [ -f /etc/init.d/functions ]; then
- if [ "$CONSOLETYPE" = "serial" ]; then
- echo -n " "
- fi
- echo_failure
- echo
- else
- echo " [ FAILED ]"
- fi
- fi
- else
- echo
- echo "process already stopped"
- fi
-}
-
-status()
-{
- if [ -f ${pidfile} ] ; then
- pid=`cat ${pidfile}`
- if [ "${pid}" == "" ] ; then
- echo "[PKI_INSTANCE_ID] pid file exists but is empty"
- elif kill -0 ${pid} > /dev/null 2>&1 ; then
- echo "[PKI_INSTANCE_ID] (pid ${pid}) is running ..."
- echo
- check_pki_configuration_status
- if [ $? -eq 0 ] ; then
- get_pki_status_definitions
- if [ $? -ne 0 ] ; then
- echo
- echo "[PKI_INSTANCE_ID] Status Definitions not found"
- fi
- get_pki_configuration_definitions
- if [ $? -ne 0 ] ; then
- echo
- echo "[PKI_INSTANCE_ID] Configuration Definitions not found"
- fi
- fi
- echo
- else
- echo "[PKI_INSTANCE_ID] is dead but pid file exists"
- fi
- else
- echo "[PKI_INSTANCE_ID] is stopped"
- fi
-}
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- stop
- sleep 2
- start
- ;;
- condrestart)
- if [ -f ${pidfile} ] ; then
- stop
- sleep 2
- start
- else
- echo -n "Unable to restart process since "
- echo -n "'${pidfile}' does not exist!"
- echo
- fi
- ;;
- status)
- status
- ;;
- *)
- echo "Usage: $TOMCAT_PROG {start|stop|restart|condrestart|status}"
- exit 1
-esac
-
-exit $RETVAL
-
diff --git a/pki/base/ca/shared/etc/init.d/pki-cad b/pki/base/ca/shared/etc/init.d/pki-cad
new file mode 100755
index 000000000..be68eed2e
--- /dev/null
+++ b/pki/base/ca/shared/etc/init.d/pki-cad
@@ -0,0 +1,1808 @@
+#!/bin/bash
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ### ---
+#
+# pki-cad Startup script for Tomcat 5.0 pki-ca, the Apache Servlet Engine
+#
+# chkconfig: - 81 19
+# description: Certificate Authority \
+# (Tomcat 5.0)
+# processname: pki-cad
+# piddir: /var/run/pki/ca
+# config: ${PKI_INSTANCE_PATH}/conf/tomcat5.conf
+#
+# Gomez Henri
+# Keith Irwin
+# Nicolas Mailhot
+#
+# version 1.02 - Removed initlog support
+# version 1.03 - Removed config:
+# version 1.04 - tomcat will start before httpd and stop after httpd
+# version 1.05 - jdk hardcoded to link /usr/java/jdk and tomcat runs
+# as "nobody"
+# version 1.06 - split up into script and config file
+# version 1.07 - Rework from Nicolas ideas
+# version 1.08 - Fix work dir permission at start time, switch to use tomcat4
+# version 1.09 - Fix pidfile and config tags
+# version 1.10 - Fallback to su direct use on systems without
+# Redhat/Mandrake init.d functions
+# version 1.11 - Fix webapps dir permissions
+# version 1.12 - remove initial start/stop level for chkconfig (- 80 20)
+# version 1.13 - remove chown of logs/work/temp/webapps dir,
+# owned by tomcat4 at install time
+# version 1.14 - correct the start/stop ugly hack by waiting
+# all the threads stops
+# version 1.15 - ensure we're looking for TOMCAT_USER running catalina
+# version 1.16 - Add support for CATALINA_PID env var
+# version 1.17 - Remove run files only tomcat started correctl
+# in start area, check that tomcat is not allready running
+# version 1.18 - Fix kill typo (thanks Kaj J. Niemi)
+# version 1.19 - Add jar relinking
+# version 1.20 - Check there is no stalling tomcat4.pid
+# version 1.20tc5 - Changed all instances of tomcat4 to
+# tomcat5 except TOMCAT_USER
+# version 1.20tc5rh - Changed TOMCAT_USER from tomcat4 to tomcat
+#
+
+PKI_INIT_SCRIPT=""
+PKI_PATH="/usr/share/pki/ca"
+PKI_PIDDIR="/var/run/pki/ca"
+PKI_PROCESS="pki-cad"
+PKI_REGISTRY="/etc/sysconfig/pki/ca"
+PKI_TYPE="pki-ca"
+
+# PKI subsystem-level directory and file values for locks
+lockfile="/var/lock/subsys/pki-cad"
+
+# Disallow 'others' the ability to 'write' to new files
+umask 00002
+
+default_error=0
+command="$1"
+pki_instance="$2"
+case "${command}" in
+ start|stop|restart|condrestart|force-restart|try-restart)
+ # * 1 generic or unspecified error (current practice)
+ default_error=1
+ ;;
+ reload)
+ default_error=3
+ ;;
+ status)
+ # * 4 program or service status is unknown
+ default_error=4
+ ;;
+ *)
+ # * 2 invalid argument(s)
+ default_error=2
+ ;;
+esac
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+ echo "Cannot invoke '$0' from non-existent directory!"
+ exit ${default_error}
+fi
+
+# Check to insure that this script's associated PKI
+# subsystem currently resides on this system.
+if [ ! -d ${PKI_PATH} ] ; then
+ echo "This machine is missing the '${PKI_TYPE}' subsystem!"
+ if [ "${command}" != "status" ]; then
+ # * 5 program is not installed
+ exit 5
+ else
+ exit ${default_error}
+ fi
+fi
+
+# Check to insure that this script's associated PKI
+# subsystem instance registry currently resides on this system.
+if [ ! -d ${PKI_REGISTRY} ] ; then
+ echo "This machine contains no registered '${PKI_TYPE}' subsystem instances!"
+ if [ "${command}" != "status" ]; then
+ # * 5 program is not installed
+ exit 5
+ else
+ exit ${default_error}
+ fi
+fi
+
+# Obtain the operating system upon which this script is being executed
+OS=`uname -s`
+ARCHITECTURE=""
+
+# This script must be run as root!
+RV=0
+if [ ${OS} = "Linux" ] ; then
+ PKI_INIT_SCRIPT="/sbin/service ${PKI_PROCESS}"
+ if [ `id -u` -ne 0 ] ; then
+ echo "Must be 'root' to execute '$0'!"
+ if [ "${command}" != "status" ]; then
+ # * 4 user had insufficient privilege
+ exit 4
+ else
+ # * 4 program or service status is unknown
+ exit 4
+ fi
+ fi
+ ARCHITECTURE=`uname -i`
+elif [ ${OS} = "SunOS" ] ; then
+ PKI_INIT_SCRIPT="/etc/init.d/${PKI_PROCESS}"
+ if [ `/usr/xpg4/bin/id -u` -ne 0 ] ; then
+ echo "Must be 'root' to execute '$0'!"
+ if [ "${command}" != "status" ]; then
+ # * 4 user had insufficient privilege
+ exit 4
+ else
+ # * 4 program or service status is unknown
+ exit 4
+ fi
+ fi
+ ARCHITECTURE=`uname -p`
+ if [ "${ARCHITECTURE}" = "sparc" ] &&
+ [ -d "/usr/lib/sparcv9/" ] ; then
+ ARCHITECTURE="sparcv9"
+ fi
+else
+ echo "Unsupported OS '${OS}'!"
+ exit ${default_error}
+fi
+
+# Source function library.
+if [ -f /etc/init.d/functions ]; then
+ . /etc/init.d/functions
+else
+ # The checkpid() function is provided for platforms that do not
+ # contain the "/etc/init.d/functions" file (e. g. - Solaris) . . .
+
+ # Check if ${pid} (could be plural) are running (keep count)
+ checkpid()
+ {
+ rv=0
+ for i in $* ; do
+ ps -p $i > /dev/null 2>&1 ;
+ if [ $? -ne 0 ] ; then
+ rv=`expr ${rv} + 1`
+ else
+ rv=`expr ${rv} + 0`
+ fi
+ done
+ # echo "rv=${rv}"
+ return ${rv}
+ }
+
+ # Create the following directories on platforms
+ # where they do not exist (e. g. - Solaris) . . .
+ if [ ! -d "/var/lock" ] ; then
+ mkdir -p /var/lock
+ chown root:sys /var/lock
+ chmod 00755 /var/lock
+ fi
+ if [ ! -d "/var/lock/subsys" ] ; then
+ mkdir -p /var/lock/subsys
+ chown root:root /var/lock/subsys
+ chmod 00755 /var/lock/subsys
+ fi
+
+ #######################################################################
+ ## NOTE: The following code needs to eventually be moved into the ##
+ ## template used to create the ##
+ ## "${PKI_INSTANCE_PATH}/conf/tomcat5.conf" file! ##
+ #######################################################################
+
+ if [ ${OS} = "SunOS" ] ; then
+ DEFAULT_SOLARIS_JAVA_HOME="/usr/jdk/instances/jdk1.5.0/jre"
+ DEFAULT_LINUX_JAVA_HOME="/usr/lib/jvm/jre"
+ DEFAULT_LINUX_JAVA_HOME_PATH=`dirname ${DEFAULT_LINUX_JAVA_HOME}`
+
+ # ensure that the Sun JRE 1.5.0 exists at the default location
+ if [ -d ${DEFAULT_SOLARIS_JAVA_HOME} ] ; then
+ # create the directory in which the symlink resides (if necessary)
+ if [ ! -d ${DEFAULT_LINUX_JAVA_HOME_PATH} ] ; then
+ mkdir -p ${DEFAULT_LINUX_JAVA_HOME_PATH}
+ fi
+ # create the actual symlink (if necessary)
+ if [ ! -h ${DEFAULT_LINUX_JAVA_HOME} ] ; then
+ ln -s ${DEFAULT_SOLARIS_JAVA_HOME} ${DEFAULT_LINUX_JAVA_HOME}
+ fi
+ else
+ # for now, simply exit with an appropriate error message
+ echo -n "The Solaris 1.5.0 JRE must be installed "
+ echo -n "at \"${DEFAULT_SOLARIS_JAVA_HOME}\"!"
+ echo
+ echo
+ exit ${default_error}
+ fi
+ fi
+fi
+
+PKI_REGISTRY_ENTRIES=""
+TOTAL_PKI_REGISTRY_ENTRIES=0
+TOTAL_UNCONFIGURED_PKI_ENTRIES=0
+
+# Gather ALL registered instances of this PKI subsystem type
+for FILE in `/bin/ls -1 ${PKI_REGISTRY}/* 2>/dev/null`; do
+ if [ -f "$FILE" ] ; then
+ inst=`echo "$FILE"`
+ PKI_REGISTRY_ENTRIES="${PKI_REGISTRY_ENTRIES} $inst"
+ TOTAL_PKI_REGISTRY_ENTRIES=`expr ${TOTAL_PKI_REGISTRY_ENTRIES} + 1`
+ fi
+done
+
+if [ -n "${pki_instance}" ]; then
+ for I in ${PKI_REGISTRY_ENTRIES}; do
+ if [ "${PKI_REGISTRY}/${pki_instance}" = "$I" ]; then
+ PKI_REGISTRY_ENTRIES="${PKI_REGISTRY}/${pki_instance}"
+ TOTAL_PKI_REGISTRY_ENTRIES=1
+ break
+ fi
+ done
+fi
+
+usage()
+{
+ echo -n "Usage: ${PKI_INIT_SCRIPT} "
+ echo -n "{start"
+ echo -n "|stop"
+ echo -n "|restart"
+ echo -n "|condrestart"
+ echo -n "|force-restart"
+ echo -n "|try-restart"
+ echo -n "|reload"
+ echo -n "|status} "
+ echo -n "[instance-name]"
+ echo
+ echo
+}
+
+list_instances()
+{
+ echo
+ for FILE in `/bin/ls -1 ${PKI_REGISTRY}/* 2>/dev/null`; do
+ echo " ${FILE}"
+ done
+ echo
+}
+
+# Check arguments
+if [ $# -lt 1 ] ; then
+ # * 3 unimplemented feature (for example, "reload")
+ # [insufficient arguments]
+ echo "$0: Insufficient arguments!"
+ echo
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ exit 3
+elif [ ${default_error} -eq 2 ] ; then
+ # * 2 invalid argument
+ echo "$0: Invalid arguments!"
+ echo
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ exit 2
+elif [ $# -gt 2 ] ; then
+ echo "$0: Excess arguments!"
+ echo
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ if [ "${command}" != "status" ]; then
+ # * 2 excess arguments
+ exit 2
+ else
+ # * 4 program or service status is unknown
+ exit 4
+ fi
+fi
+
+# If an "instance" was supplied, check that it is a "valid" instance
+if [ -n "${pki_instance}" ]; then
+ if [ "${PKI_REGISTRY}/${pki_instance}" != "${PKI_REGISTRY_ENTRIES}" ]; then
+ echo -n "${pki_instance} is an invalid '${PKI_TYPE}' instance"
+ echo_failure
+ echo
+ if [ "${command}" != "status" ]; then
+ # * 5 program is not installed
+ exit 5
+ else
+ # * 4 program or service status is unknown
+ exit 4
+ fi
+ fi
+fi
+
+# On Solaris /var/run is in tmpfs and gets wiped out upon reboot
+# we have to recreate the ${PKI_PIDDIR} directory and make sure that
+# the directory is writable by the ${PKI_TYPE} server process.
+#
+# IMPORTANT: ALL PKI subsystems installed on this machine MUST utilize
+# the SAME values for ${PKI_GROUP} and ${PKI_USER}, since the
+# "${PKI_PIDDIR}" will end up with the ownership permissions
+# of the first instance that executes this function!
+#
+fix_pid_dir_ownership()
+{
+ if [ ! -d ${PKI_PIDDIR} ] ; then
+ mkdir -p ${PKI_PIDDIR}
+
+ chown root:root /var/run/pki
+ chmod 00755 /var/run/pki
+
+ chown root:root ${PKI_PIDDIR}
+ chmod 00755 ${PKI_PIDDIR}
+ fi
+}
+
+check_pki_configuration_status()
+{
+ rv=0
+
+ rv=`grep -c ^preop ${pki_instance_configuration_file}`
+
+ rv=`expr ${rv} + 0`
+
+ if [ ${rv} -ne 0 ] ; then
+ echo " '${PKI_INSTANCE_ID}' must still be CONFIGURED!"
+ echo " (see /var/log/${PKI_INSTANCE_ID}-install.log)"
+ if [ "${command}" != "status" ]; then
+ # * 6 program is not configured
+ rv=6
+ else
+ # * 4 program or service status is unknown
+ rv=4
+ fi
+ TOTAL_UNCONFIGURED_PKI_ENTRIES=`expr ${TOTAL_UNCONFIGURED_PKI_ENTRIES} + 1`
+ elif [ -f ${RESTART_SERVER} ] ; then
+ echo -n " Although '${PKI_INSTANCE_ID}' has been CONFIGURED, "
+ echo -n "it must still be RESTARTED!"
+ echo
+ if [ "${command}" != "status" ]; then
+ # * 1 generic or unspecified error (current practice)
+ rv=1
+ else
+ # * 4 program or service status is unknown
+ rv=4
+ fi
+ fi
+
+ return ${rv}
+}
+
+get_pki_status_definitions()
+{
+ # establish well-known strings
+ begin_pki_status_comment=""
+ end_pki_status_comment=""
+ total_ports=0
+ unsecure_port_statement="Unsecure Port = "
+ secure_agent_port_statement="Secure Agent Port = "
+ secure_ee_port_statement="Secure EE Port = "
+ secure_admin_port_statement="Secure Admin Port = "
+ pki_console_port_statement="PKI Console Port = "
+ tomcat_port_statement="Tomcat Port = "
+
+ # initialize looping variables
+ pki_status_comment_found=0
+
+ # first check to see that an instance-specific "server.xml" file exists
+ if [ ! -f ${PKI_SERVER_XML_CONF} ] ; then
+ echo "File '${PKI_SERVER_XML_CONF}' does not exist!"
+ exit ${default_error}
+ fi
+
+ # read this instance-specific "server.xml" file line-by-line
+ # to obtain the current PKI Status Definitions
+ exec < ${PKI_SERVER_XML_CONF}
+ while read line; do
+ # first look for the well-known end PKI Status comment
+ # (to turn off processing)
+ if [ "$line" == "$end_pki_status_comment" ] ; then
+ pki_status_comment_found=0
+ break;
+ fi
+
+ # then look for the well-known begin PKI Status comment
+ # (to turn on processing)
+ if [ "$line" == "$begin_pki_status_comment" ] ; then
+ pki_status_comment_found=1
+ fi
+
+ # once the well-known begin PKI Status comment has been found,
+ # begin processing to obtain all of the PKI Status Definitions
+ if [ $pki_status_comment_found -eq 1 ] ; then
+ # look for a PKI Status Definition and print it
+ head=`echo "$line" | cut -b1-20`
+ if [ "$head" == "$unsecure_port_statement" ] ||
+ [ "$head" == "$secure_agent_port_statement" ] ||
+ [ "$head" == "$secure_ee_port_statement" ] ||
+ [ "$head" == "$secure_admin_port_statement" ] ||
+ [ "$head" == "$pki_console_port_statement" ] ||
+ [ "$head" == "$tomcat_port_statement" ] ; then
+ echo " $line"
+ total_ports=`expr ${total_ports} + 1`
+ fi
+ fi
+ done
+
+ if [ ${total_ports} -eq 6 ] ; then
+ return 0
+ else
+ return ${default_error}
+ fi
+}
+
+get_pki_configuration_definitions()
+{
+ # Obtain the PKI Subsystem Type
+ line=`grep ^cs.type= ${pki_instance_configuration_file}`
+ pki_subsystem=`echo "${line}" | cut -b9-`
+ if [ "${line}" != "" ] ; then
+ if [ "${pki_subsystem}" != "CA" ] &&
+ [ "${pki_subsystem}" != "KRA" ] &&
+ [ "${pki_subsystem}" != "OCSP" ] &&
+ [ "${pki_subsystem}" != "TKS" ] &&
+ [ "${pki_subsystem}" != "RA" ] &&
+ [ "${pki_subsystem}" != "TPS" ]
+ then
+ return ${default_error}
+ fi
+ if [ "${pki_subsystem}" == "KRA" ] ; then
+ # Rename "KRA" to "DRM"
+ pki_subsystem="DRM"
+ fi
+ else
+ return ${default_error}
+ fi
+
+ # If "${pki_subsystem}" is a CA, DRM, OCSP, or TKS,
+ # check to see if "${pki_subsystem}" is a "Clone"
+ pki_clone=""
+ if [ "${pki_subsystem}" == "CA" ] ||
+ [ "${pki_subsystem}" == "DRM" ] ||
+ [ "${pki_subsystem}" == "OCSP" ] ||
+ [ "${pki_subsystem}" == "TKS" ]
+ then
+ line=`grep ^subsystem.select= ${pki_instance_configuration_file}`
+ if [ "${line}" != "" ] ; then
+ pki_clone=`echo "${line}" | cut -b18-`
+ if [ "${pki_clone}" != "Clone" ] ; then
+ # Reset "${pki_clone}" to be empty
+ pki_clone=""
+ fi
+ else
+ return ${default_error}
+ fi
+ fi
+
+ # If "${pki_subsystem}" is a CA, and is NOT a "Clone", check to
+ # see "${pki_subsystem}" is a "Root" or a "Subordinate" CA
+ pki_hierarchy=""
+ if [ "${pki_subsystem}" == "CA" ] &&
+ [ "${pki_clone}" != "Clone" ]
+ then
+ line=`grep ^hierarchy.select= ${pki_instance_configuration_file}`
+ if [ "${line}" != "" ] ; then
+ pki_hierarchy=`echo "${line}" | cut -b18-`
+ else
+ return ${default_error}
+ fi
+ fi
+
+ # If ${pki_subsystem} is a CA, check to
+ # see if it is also a Security Domain
+ pki_security_domain=""
+ if [ "${pki_subsystem}" == "CA" ] ; then
+ line=`grep ^securitydomain.select= ${pki_instance_configuration_file}`
+ if [ "${line}" != "" ] ; then
+ pki_security_domain=`echo "${line}" | cut -b23-`
+ if [ "${pki_security_domain}" == "new" ] ; then
+ # Set a fixed value for "${pki_security_domain}"
+ pki_security_domain="(Security Domain)"
+ else
+ # Reset "${pki_security_domain}" to be empty
+ pki_security_domain=""
+ fi
+ else
+ return ${default_error}
+ fi
+ fi
+
+ # Always obtain this PKI instance's "registered"
+ # security domain information
+ pki_security_domain_name=""
+ pki_security_domain_hostname=""
+ pki_security_domain_https_admin_port=""
+
+ line=`grep ^securitydomain.name= ${pki_instance_configuration_file}`
+ if [ "${line}" != "" ] ; then
+ pki_security_domain_name=`echo "${line}" | cut -b21-`
+ else
+ return ${default_error}
+ fi
+
+ line=`grep ^securitydomain.host= ${pki_instance_configuration_file}`
+ if [ "${line}" != "" ] ; then
+ pki_security_domain_hostname=`echo "${line}" | cut -b21-`
+ else
+ return ${default_error}
+ fi
+
+ line=`grep ^securitydomain.httpsadminport= ${pki_instance_configuration_file}`
+ if [ "${line}" != "" ] ; then
+ pki_security_domain_https_admin_port=`echo "${line}" | cut -b31-`
+ else
+ return ${default_error}
+ fi
+
+ # Compose the "PKI Instance Name" Status Line
+ pki_instance_name="PKI Instance Name: ${PKI_INSTANCE_ID}"
+
+ # Compose the "PKI Subsystem Type" Status Line
+ header="PKI Subsystem Type: "
+ if [ "${pki_clone}" != "" ] ; then
+ if [ "${pki_security_domain}" != "" ]; then
+ # Possible Values:
+ #
+ # "CA Clone (Security Domain)"
+ #
+ data="${pki_subsystem} ${pki_clone} ${pki_security_domain}"
+ else
+ # Possible Values:
+ #
+ # "CA Clone"
+ # "DRM Clone"
+ # "OCSP Clone"
+ # "TKS Clone"
+ #
+ data="${pki_subsystem} ${pki_clone}"
+ fi
+ elif [ "${pki_hierarchy}" != "" ] ; then
+ if [ "${pki_security_domain}" != "" ]; then
+ # Possible Values:
+ #
+ # "Root CA (Security Domain)"
+ # "Subordinate CA (Security Domain)"
+ #
+ data="${pki_hierarchy} ${pki_subsystem} ${pki_security_domain}"
+ else
+ # Possible Values:
+ #
+ # "Root CA"
+ # "Subordinate CA"
+ # + data="${pki_hierarchy} ${pki_subsystem}" + fi + else + # Possible Values: + # + # "DRM" + # "OCSP" + # "RA" + # "TKS" + # "TPS" + # + data="${pki_subsystem}" + fi + pki_subsystem_type="${header} ${data}" + + # Compose the "Registered PKI Security Domain Information" Status Line + header="Name: " + registered_pki_security_domain_name="${header} ${pki_security_domain_name}" + + header="URL: " + if [ "${pki_security_domain_hostname}" != "" ] && + [ "${pki_security_domain_https_admin_port}" != "" ] + then + data="https://${pki_security_domain_hostname}:${pki_security_domain_https_admin_port}" + else + return ${default_error} + fi + registered_pki_security_domain_url="${header} ${data}" + + # Print the "PKI Subsystem Type" Status Line + echo + echo " ${pki_instance_name}" + + # Print the "PKI Subsystem Type" Status Line + echo + echo " ${pki_subsystem_type}" + + # Print the "Registered PKI Security Domain Information" Status Line + echo + echo " Registered PKI Security Domain Information:" + echo " ==========================================================================" + echo " ${registered_pki_security_domain_name}" + echo " ${registered_pki_security_domain_url}" + echo " ==========================================================================" + + return 0 +} + +get_pki_secure_port() +{ + # establish well-known strings + begin_ssl_comment="" + end_ssl_comment="" + connector_statement=" /dev/null 2>&1 ; then + echo "${PKI_INSTANCE_ID} (pid ${pid}) is running ..." + echo + check_pki_configuration_status + rv=$? + if [ ${rv} -eq 0 ] ; then + get_pki_status_definitions + rv=$? + if [ ${rv} -ne 0 ] ; then + echo + echo "${PKI_INSTANCE_ID} Status Definitions not found" + else + get_pki_configuration_definitions + rv=$? 
+ if [ ${rv} -ne 0 ] ; then
+ echo
+ echo "${PKI_INSTANCE_ID} Configuration Definitions not found"
+ fi
+ fi
+ else
+ # From the PKI point of view for a "non-status" action,
+ # a returned error code of "6" implies that the program
+ # is not "configured". Similarly, an error code of "1"
+ # implies that the program was "configured" but must
+ # still be restarted.
+ #
+ # Similarly, from the PKI point of view for a "status"
+ # action, a returned error code of "4" implies that either
+ # the program is not "configured", or that the program
+ # was "configured" but must still be restarted.
+ #
+ # Regardless, it must still be considered that the instance
+ # is "running" from the viewpoint of other OS programs such
+ # as 'chkconfig'.
+ #
+ # For this reason, when returning from
+ # 'display_instance_status()', ignore non-zero return codes
+ # returned from 'check_pki_configuration_status()'.
+ #
+ if [ "${command}" != "status" ]; then
+ # * 0 action was successful
+ rv=0
+ else
+ # * 0 program is running or service is OK
+ rv=0
+ fi
+ fi
+ echo
+ else
+ echo "${PKI_INSTANCE_ID} is dead but pid file exists"
+ if [ "${command}" != "status" ]; then
+ # * 1 generic or unspecified error (current practice)
+ rv=1
+ else
+ # * 1 program is dead and /var/run pid file exists
+ rv=1
+ fi
+ fi
+ else
+ echo "${PKI_INSTANCE_ID} is stopped"
+ if [ "${command}" != "status" ]; then
+ # * 7 program is not running
+ rv=7
+ else
+ # * 3 program is not running
+ rv=3
+ fi
+ fi
+
+ return ${rv}
+}
+
+start_instance()
+{
+ rv=0
+
+ echo -n "Starting $TOMCAT_PROG: "
+
+ if [ -f ${RESTART_SERVER} ] ; then
+ rm -f ${RESTART_SERVER}
+ fi
+
+ if [ -f ${PKI_LOCKFILE} ] ; then
+ if [ -f ${pidfile} ]; then
+ read kpid < ${pidfile}
+ if checkpid $kpid 2>&1; then
+ echo
+ echo "${PKI_INSTANCE_ID} (pid ${kpid}) is already running ..."
+ echo
+ check_pki_configuration_status
+ rv=$?
+ if [ ${rv} != 0 ]; then
+ # From the PKI point of view for a "non-status" action,
+ # a returned error code of "6" implies that the program
+ # is not "configured". Similarly, an error code of "1"
+ # implies that the program was "configured" but must
+ # still be restarted.
+ #
+ # Regardless, it must still be considered that the instance
+ # is "running" from the viewpoint of other OS programs such
+ # as 'chkconfig'.
+ #
+ # For "non-status" actions, ignore return codes of "1"
+ # from 'check_pki_configuration_status()'.
+ #
+ # However, for "non-status" actions that have a return
+ # code of "6", return this value unchanged to
+ # the calling routine so that the total number of
+ # configuration errors may be counted.
+ #
+
+ echo
+ if [ ${rv} = 1 ] ; then
+ # * 0 action was successful
+ return 0
+ elif [ ${rv} = 6 ] ; then
+ # * 6 program is not configured
+ return 6
+ else
+ # should never be reached
+ return ${rv}
+ fi
+ else
+ return 0
+ fi
+ else
+ echo
+ echo -n "lock file found but no process "
+ echo -n "running for pid $kpid, continuing"
+ echo
+ echo
+ rm -f ${PKI_LOCKFILE}
+ fi
+ fi
+ fi
+
+ fix_pid_dir_ownership
+
+ CATALINA_PID=${pidfile}
+ export CATALINA_PID
+ touch $CATALINA_PID
+ chown $TOMCAT_USER:$TOMCAT_GROUP $CATALINA_PID
+ chmod 00600 $CATALINA_PID
+ [ -x /sbin/restorecon ] && /sbin/restorecon $CATALINA_PID
+
+ # restore context for ncipher hsm
+ [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast
+
+ # Always initialize CLASSPATH to start looking
+ # in the local PKI classes directory . . .
+ CLASSPATH=/usr/share/pki/classes
+
+ if [ ${OS} = "Linux" ] ; then
+ $TOMCAT_RELINK_SCRIPT
+ elif [ ${OS} = "SunOS" ] ; then
+ # The following definitions are provided for Solaris
+ # platforms since they are unable to execute the
+ # "/usr/share/tomcat5/bin/relink",
+ # "/usr/bin/rebuild-jar-repository", and
+ # "/usr/share/java-utils/java-functions" files . . .
+
+ #######################################
+ ## /var/lib/tomcat5/common/lib:
+ #######################################
+
+ # Build the tomcat jar classpath . . .
+ CLASSPATH="$CLASSPATH":/usr/share/java/ant.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/commons-collections.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/commons-dbcp.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/commons-el.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging-api.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/commons-pool.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-ejb-2.1.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-1.4.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-connector-1.5.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-deployment-1.1.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-jacc-1.0.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2ee-management-1.0.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-j2eeschema-1.0.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-jms-1.1.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-jsp-2.0.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-jta-1.0.1B.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/geronimo/spec-servlet-2.4.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/jaf.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/jakarta-commons-collections.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/jakarta-commons-modeler.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/jasper5-compiler.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/jasper5-runtime.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/javamail/imap.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/javamail/mailapi.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/javamail/nntp.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/javamail/pop3.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/javamail/providers.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/javamail/smtp.jar
+
+ # BEGIN LINUX-SPECIFIC FILE
+ # CLASSPATH="$CLASSPATH":/usr/share/java/jdtCompilerAdapter.jar
+ # CLASSPATH="$CLASSPATH":/usr/share/java/jdtcore.jar
+ # CLASSPATH="$CLASSPATH":/usr/share/java/jsp.jar
+ # END LINUX-SPECIFIC FILE
+
+ CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-impl.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-jmx.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-remote.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rimpl.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rjmx.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-tools.jar
+
+ # BEGIN LINUX-SPECIFIC FILE
+ # CLASSPATH="$CLASSPATH":/usr/share/java/servlet.jar
+ # END LINUX-SPECIFIC FILE
+
+ CLASSPATH="$CLASSPATH":/usr/share/java/avalon-logkit.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/cmsutil.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging.jar
+ if [ "$ARCHITECTURE" = "sparc" ] ; then
+ CLASSPATH="$CLASSPATH":/usr/lib/java/dirsec/jss4.jar
+ elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
+ CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/dirsec/jss4.jar
+ fi
+ CLASSPATH="$CLASSPATH":/usr/share/java/ldapjdk.jar
+ CLASSPATH="$CLASSPATH":/var/lib/tomcat5/common/lib/naming-factory.jar
+ CLASSPATH="$CLASSPATH":/var/lib/tomcat5/common/lib/naming-resources.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/pki/nsutil.jar
+ if [ "$ARCHITECTURE" = "sparc" ] ; then
+ CLASSPATH="$CLASSPATH":/usr/lib/java/osutil.jar
+ elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
+ CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/osutil.jar
+ fi
+ CLASSPATH="$CLASSPATH":/usr/share/java/rhino.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/servletapi5.jar
+ if [ "$ARCHITECTURE" = "sparc" ] ; then
+ CLASSPATH="$CLASSPATH":/usr/lib/java/symkey.jar
+ elif [ "$ARCHITECTURE" = "sparcv9" ] ; then
+ CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/symkey.jar
+ fi
+ CLASSPATH="$CLASSPATH":/usr/share/java/velocity.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/xalan-j2.jar
+ CLASSPATH="$CLASSPATH":/usr/share/java/xerces-j2.jar
+
+ # Relink tomcat jar repositories . . .
+ cd /var/lib/tomcat5/common/lib
+
+ if [ ! -e /var/lib/tomcat5/common/lib/\[ant\].jar ]; then
+ ln -s /usr/share/java/ant.jar [ant].jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-collections\].jar ]; then
+ ln -s /usr/share/java/commons-collections.jar [commons-collections].jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-dbcp\].jar ]; then
+ ln -s /usr/share/java/commons-dbcp.jar [commons-dbcp].jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-el\].jar ]; then
+ ln -s /usr/share/java/commons-el.jar [commons-el].jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-logging-api\].jar ]; then
+ ln -s /usr/share/java/commons-logging-api.jar [commons-logging-api].jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[commons\-pool\].jar ]; then
+ ln -s /usr/share/java/commons-pool.jar [commons-pool].jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-ejb\-2.1\-rc2.jar ]; then
+ ln -s /usr/share/java/geronimo/spec-ejb-2.1-rc2.jar [geronimo]spec-ejb-2.1-rc2.jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-ejb\-2.1.jar ]; then
+ ln -s /usr/share/java/geronimo/spec-ejb-2.1.jar [geronimo]spec-ejb-2.1.jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-1.4\-rc2.jar ]; then
+ ln -s /usr/share/java/geronimo/spec-j2ee-1.4-rc2.jar [geronimo]spec-j2ee-1.4-rc2.jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-1.4.jar ]; then
+ ln -s /usr/share/java/geronimo/spec-j2ee-1.4.jar [geronimo]spec-j2ee-1.4.jar
+ fi
+ if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-connector\-1.5\-rc2.jar ]; then
+ ln -s /usr/share/java/geronimo/spec-j2ee-connector-1.5-rc2.jar [geronimo]spec-j2ee-connector-1.5-rc2.jar
+ fi
+ if [ !
-e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-connector\-1.5.jar ]; then + ln -s /usr/share/java/geronimo/spec-j2ee-connector-1.5.jar [geronimo]spec-j2ee-connector-1.5.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-deployment\-1.1\-rc2.jar ]; then + ln -s /usr/share/java/geronimo/spec-j2ee-deployment-1.1-rc2.jar [geronimo]spec-j2ee-deployment-1.1-rc2.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-deployment\-1.1.jar ]; then + ln -s /usr/share/java/geronimo/spec-j2ee-deployment-1.1.jar [geronimo]spec-j2ee-deployment-1.1.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-jacc\-1.0\-rc2.jar ]; then + ln -s /usr/share/java/geronimo/spec-j2ee-jacc-1.0-rc2.jar [geronimo]spec-j2ee-jacc-1.0-rc2.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-jacc\-1.0.jar ]; then + ln -s /usr/share/java/geronimo/spec-j2ee-jacc-1.0.jar [geronimo]spec-j2ee-jacc-1.0.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-management\-1.0\-rc2.jar ]; then + ln -s /usr/share/java/geronimo/spec-j2ee-management-1.0-rc2.jar [geronimo]spec-j2ee-management-1.0-rc2.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2ee\-management\-1.0.jar ]; then + ln -s /usr/share/java/geronimo/spec-j2ee-management-1.0.jar [geronimo]spec-j2ee-management-1.0.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2eeschema\-1.0\-M2.jar ]; then + ln -s /usr/share/java/geronimo/spec-j2eeschema-1.0-M2.jar [geronimo]spec-j2eeschema-1.0-M2.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-j2eeschema\-1.0.jar ]; then + ln -s /usr/share/java/geronimo/spec-j2eeschema-1.0.jar [geronimo]spec-j2eeschema-1.0.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jms\-1.1\-rc2.jar ]; then + ln -s /usr/share/java/geronimo/spec-jms-1.1-rc2.jar [geronimo]spec-jms-1.1-rc2.jar + fi + if [ ! 
-e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jms\-1.1.jar ]; then + ln -s /usr/share/java/geronimo/spec-jms-1.1.jar [geronimo]spec-jms-1.1.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jsp\-2.0\-rc2.jar ]; then + ln -s /usr/share/java/geronimo/spec-jsp-2.0-rc2.jar [geronimo]spec-jsp-2.0-rc2.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jsp\-2.0.jar ]; then + ln -s /usr/share/java/geronimo/spec-jsp-2.0.jar [geronimo]spec-jsp-2.0.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec-jta-1.0.1B-rc2.jar ]; then + ln -s /usr/share/java/geronimo/spec-jta-1.0.1B-rc2.jar [geronimo]spec-jta-1.0.1B-rc2.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-jta\-1.0.1B.jar ]; then + ln -s /usr/share/java/geronimo/spec-jta-1.0.1B.jar [geronimo]spec-jta-1.0.1B.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-servlet\-2.4\-rc2.jar ]; then + ln -s /usr/share/java/geronimo/spec-servlet-2.4-rc2.jar [geronimo]spec-servlet-2.4-rc2.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[geronimo\]spec\-servlet\-2.4.jar ]; then + ln -s /usr/share/java/geronimo/spec-servlet-2.4.jar [geronimo]spec-servlet-2.4.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[jaf\].jar ]; then + ln -s /usr/share/java/jaf.jar [jaf].jar + fi + + ### BEGIN SOLARIS-SPECIFIC LINKS + ### if [ ! -e /var/lib/tomcat5/common/lib/\[jakarta\-commons\-collections.jar\] ]; then + ### ln -s /usr/share/java/jakarta-commons-collections.jar [jakarta-commons-collections.jar] + ### fi + ### if [ ! -e /var/lib/tomcat5/common/lib/\[jakarta\-commons\-modeler.jar\] ]; then + ### ln -s /usr/share/java/jakarta-commons-modeler.jar [jakarta-commons-modeler.jar] + ### fi + ### END SOLARIS-SPECIFIC LINKS + + ### if [ ! -e /var/lib/tomcat5/common/lib/\[jasper5\-compiler\].jar ]; then + ### ln -s /usr/share/java/jasper5-compiler.jar [jasper5-compiler].jar + ### fi + ### if [ ! 
-e /var/lib/tomcat5/common/lib/\[jasper5\-runtime\].jar ]; then + ### ln -s /usr/share/java/jasper5-runtime.jar [jasper5-runtime].jar + ### fi + + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]imap\-1.3.1.jar ]; then + ln -s /usr/share/java/javamail/imap-1.3.1.jar [javamail]imap-1.3.1.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]imap.jar ]; then + ln -s /usr/share/java/javamail/imap.jar [javamail]imap.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]mailapi\-1.3.1.jar ]; then + ln -s /usr/share/java/javamail/mailapi-1.3.1.jar [javamail]mailapi-1.3.1.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]mailapi.jar ]; then + ln -s /usr/share/java/javamail/mailapi.jar [javamail]mailapi.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]nntp\-1.3.1.jar ]; then + ln -s /usr/share/java/javamail/nntp-1.3.1.jar [javamail]nntp-1.3.1.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]nntp.jar ]; then + ln -s /usr/share/java/javamail/nntp.jar [javamail]nntp.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]pop3\-1.3.1.jar ]; then + ln -s /usr/share/java/javamail/pop3-1.3.1.jar [javamail]pop3-1.3.1.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]pop3.jar ]; then + ln -s /usr/share/java/javamail/pop3.jar [javamail]pop3.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]providers\-1.3.1.jar ]; then + ln -s /usr/share/java/javamail/providers-1.3.1.jar [javamail]providers-1.3.1.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]providers.jar ]; then + ln -s /usr/share/java/javamail/providers.jar [javamail]providers.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]smtp\-1.3.1.jar ]; then + ln -s /usr/share/java/javamail/smtp-1.3.1.jar [javamail]smtp-1.3.1.jar + fi + if [ ! -e /var/lib/tomcat5/common/lib/\[javamail\]smtp.jar ]; then + ln -s /usr/share/java/javamail/smtp.jar [javamail]smtp.jar + fi + + ### BEGIN LINUX-SPECIFIC LINKS + ### if [ ! 
-e /var/lib/tomcat5/common/lib/\[jdtCompilerAdapter\].jar ]; then + ### ln -s /usr/share/java/jdtCompilerAdapter.jar [jdtCompilerAdapter].jar + ### fi + ### if [ ! -e /var/lib/tomcat5/common/lib/\[jdtcore\].jar ]; then + ### ln -s /usr/share/java/jdtcore.jar [jdtcore].jar + ### fi + ### if [ ! -e /var/lib/tomcat5/common/lib/\[jsp\].jar ]; then + ### ln -s /usr/share/java/jsp.jar [jsp].jar + ### fi + ### END LINUX-SPECIFIC LINKS + + if [ ! -e /var/lib/tomcat5/common/lib/\[mx4j\]\[mx4j\].jar ]; then + ln -s /usr/share/java/mx4j/mx4j.jar [mx4j][mx4j].jar + fi + + ### BEGIN LINUX-SPECIFIC LINKS + ### if [ ! -e /var/lib/tomcat5/common/lib/\[servlet\].jar ]; then + ### ln -s /usr/share/java/servlet.jar [servlet].jar + ### fi + ### END LINUX-SPECIFIC LINKS + + ### BEGIN LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK + if [ ! -e /var/lib/tomcat5/common/lib/avalon\-logkit.jar ]; then + ln -s /usr/share/java/avalon-logkit.jar avalon-logkit.jar + fi + ### END LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK + + ### if [ ! -e /var/lib/tomcat5/common/lib/cmsutil.jar ]; then + ### ln -s /usr/share/java/rphki/cmsutil.jar cmsutil.jar + ### fi + + ### BEGIN LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK + if [ ! -e /var/lib/tomcat5/common/lib/commons\-logging.jar ]; then + ln -s /usr/share/java/commons-logging.jar commons-logging.jar + fi + ### END LINUX-SPECIFIC FILE BUT SOLARIS-SPECIFIC LINK + + ### if [ ! -e /var/lib/tomcat5/common/lib/jss4.jar ]; then + ### if [ "$ARCHITECTURE" = "sparc" ] ; then + ### ln -s /usr/lib/java/dirsec/jss4.jar jss4.jar + ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then + ### ln -s /usr/lib/sparcv9/java/dirsec/jss4.jar jss4.jar + ### fi + ### fi + ### if [ ! -e /var/lib/tomcat5/common/lib/ldapjdk.jar ]; then + ### ln -s /usr/share/java/ldapjdk.jar ldapjdk.jar + ### fi + + ### naming-factory.jar + ### naming-resources.jar + + ### if [ ! 
-e /var/lib/tomcat5/common/lib/nsutil.jar ]; then + ### ln -s /usr/share/java/pki/nsutil.jar nsutil.jar + ### fi + ### if [ ! -e /var/lib/tomcat5/common/lib/osutil.jar ]; then + ### if [ "$ARCHITECTURE" = "sparc" ] ; then + ### ln -s /usr/lib/java/osutil.jar osutil.jar + ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then + ### ln -s /usr/lib/sparcv9/java/osutil.jar osutil.jar + ### fi + ### fi + ### if [ ! -e /var/lib/tomcat5/common/lib/rhino.jar ]; then + ### ln -s /usr/share/java/rhino.jar rhino.jar + ### fi + + ### BEGIN SOLARIS-SPECIFIC LINKS + ### if [ ! -e /var/lib/tomcat5/common/lib/\[servletapi5.jar\] ]; then + ### ln -s /usr/share/java/servletapi5.jar [servletapi5.jar] + ### fi + ### END SOLARIS-SPECIFIC LINKS + + ### if [ ! -e /var/lib/tomcat5/common/lib/symkey.jar ]; then + ### if [ "$ARCHITECTURE" = "sparc" ] ; then + ### ln -s /usr/lib/java/symkey.jar symkey.jar + ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then + ### ln -s /usr/lib/sparcv9/java/symkey.jar symkey.jar + ### fi + ### fi + ### if [ ! -e /var/lib/tomcat5/common/lib/velocity.jar ]; then + ### ln -s /usr/share/java/velocity.jar velocity.jar + ### fi + ### if [ ! -e /var/lib/tomcat5/common/lib/xalan\-j2.jar ]; then + ### ln -s /usr/share/java/xalan-j2.jar xalan-j2.jar + ### fi + + if [ ! -e /var/lib/tomcat5/common/lib/xerces\-j2\-2.6.2.jar ]; then + ln -s /usr/share/java/xerces-j2-2.6.2.jar xerces-j2-2.6.2.jar + fi + + ### if [ ! -e /var/lib/tomcat5/common/lib/xerces\-j2.jar ]; then + ### ln -s /usr/share/java/xerces-j2.jar xerces-j2.jar + ### fi + + + ####################################### + ## /var/lib/tomcat5/common/endorsed: + ####################################### + + # Build the tomcat jar classpath . . . + CLASSPATH="$CLASSPATH":/usr/share/java/xml-commons-apis.jar + + # BEGIN LINUX-SPECIFIC FILE + # CLASSPATH="$CLASSPATH":/usr/share/java/jaxp_parser_impl.jar + # END LINUX-SPECIFIC FILE + + + # Relink tomcat jar repositories . . . 
+ cd /var/lib/tomcat5/common/endorsed + + ### BEGIN LINUX-SPECIFIC LINKS + ### if [ ! -e /var/lib/tomcat5/common/endorsed/\[jaxp_parser_impl\].jar ]; then + ### ln -s /usr/share/java/jaxp_parser_impl.jar [jaxp_parser_impl].jar + ### fi + ### END LINUX-SPECIFIC LINKS + + if [ ! -e /var/lib/tomcat5/common/endorsed/\[xml\-commons\-apis\].jar ]; then + ln -s /usr/share/java/xml-commons-apis.jar [xml-commons-apis].jar + fi + + + ####################################### + ## /var/lib/tomcat5/server/lib: + ####################################### + + # Build the tomcat jar classpath . . . + CLASSPATH="$CLASSPATH":/usr/share/java/catalina-ant5.jar + CLASSPATH="$CLASSPATH":/usr/share/java/commons-beanutils.jar + CLASSPATH="$CLASSPATH":/usr/share/java/commons-digester.jar + CLASSPATH="$CLASSPATH":/usr/share/java/commons-el.jar + CLASSPATH="$CLASSPATH":/usr/share/java/commons-fileupload.jar + CLASSPATH="$CLASSPATH":/usr/share/java/commons-logging.jar + CLASSPATH="$CLASSPATH":/usr/share/java/commons-modeler.jar + + # BEGIN LINUX-SPECIFIC FILE + # CLASSPATH="$CLASSPATH":/usr/share/java/jdtCompilerAdapter.jar + # CLASSPATH="$CLASSPATH":/usr/share/java/jdtcore.jar + # END LINUX-SPECIFIC FILE + + CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j.jar + CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-impl.jar + CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-jmx.jar + CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-remote.jar + CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rimpl.jar + CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-rjmx.jar + CLASSPATH="$CLASSPATH":/usr/share/java/mx4j/mx4j-tools.jar + CLASSPATH="$CLASSPATH":/usr/share/java/regexp.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina-cluster.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina-optional.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina-storeconfig.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/catalina.jar + if [ "$ARCHITECTURE" = "sparc" ] ; 
then + CLASSPATH="$CLASSPATH":/usr/lib/java/dirsec/jss4.jar + elif [ "$ARCHITECTURE" = "sparcv9" ] ; then + CLASSPATH="$CLASSPATH":/usr/lib/sparcv9/java/dirsec/jss4.jar + fi + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-cgi.renametojar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-default.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-invoker.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-ssi.renametojar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/servlets-webdav.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-ajp.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-coyote.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-http.jar + CLASSPATH="$CLASSPATH":/var/lib/tomcat5/server/lib/tomcat-util.jar + CLASSPATH="$CLASSPATH":/usr/share/java/tomcatjss.jar + + + # Relink tomcat jar repositories . . . + cd /var/lib/tomcat5/server/lib + + if [ ! -e /var/lib/tomcat5/server/lib/\[catalina\-ant5\].jar ]; then + ln -s /usr/share/java/catalina-ant5.jar [catalina-ant5].jar + fi + if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-beanutils\].jar ]; then + ln -s /usr/share/java/commons-beanutils.jar [commons-beanutils].jar + fi + if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-digester\].jar ]; then + ln -s /usr/share/java/commons-digester.jar [commons-digester].jar + fi + if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-el\].jar ]; then + ln -s /usr/share/java/commons-el.jar [commons-el].jar + fi + if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-fileupload\].jar ]; then + ln -s /usr/share/java/commons-fileupload.jar [commons-fileupload].jar + fi + if [ ! -e /var/lib/tomcat5/server/lib/\[commons\-logging\].jar ]; then + ln -s /usr/share/java/commons-logging.jar [commons-logging].jar + fi + if [ ! 
-e /var/lib/tomcat5/server/lib/\[commons\-modeler\].jar ]; then + ln -s /usr/share/java/commons-modeler.jar [commons-modeler].jar + fi + + ### BEGIN LINUX-SPECIFIC LINKS + ### if [ ! -e /var/lib/tomcat5/server/lib/\[jdtCompilerAdapter\].jar ]; then + ### ln -s /usr/share/java/jdtCompilerAdapter.jar [jdtCompilerAdapter].jar + ### fi + ### if [ ! -e /var/lib/tomcat5/server/lib/\[jdtcore\].jar ]; then + ### ln -s /usr/share/java/jdtcore.jar [jdtcore].jar + ### fi + ### END LINUX-SPECIFIC LINKS + + if [ ! -e /var/lib/tomcat5/server/lib/\[mx4j\]\[mx4j\].jar ]; then + ln -s /usr/share/java/mx4j/mx4j.jar [mx4j][mx4j].jar + fi + if [ ! -e /var/lib/tomcat5/server/lib/\[regexp\].jar ]; then + ln -s /usr/share/java/regexp.jar [regexp].jar + fi + + ### catalina-cluster.jar + ### catalina-optional.jar + ### catalina-storeconfig.jar + ### catalina.jar + ### if [ ! -e /var/lib/tomcat5/server/lib/jss4.jar ]; then + ### if [ "$ARCHITECTURE" = "sparc" ] ; then + ### ln -s /usr/lib/java/dirsec/jss4.jar jss4.jar + ### elif [ "$ARCHITECTURE" = "sparcv9" ] ; then + ### ln -s /usr/lib/sparcv9/java/dirsec/jss4.jar jss4.jar + ### fi + ### fi + ### servlets-cgi.renametojar + ### servlets-default.jar + ### servlets-invoker.jar + ### servlets-ssi.renametojar + ### servlets-webdav.jar + ### tomcat-ajp.jar + ### tomcat-coyote.jar + ### tomcat-http.jar + ### tomcat-util.jar + ### if [ ! -e /var/lib/tomcat5/server/lib/tomcatjss.jar ]; then + ### ln -s /usr/share/java/tomcatjss.jar tomcatjss.jar + ### fi + + + ####################################### + ## /var/lib/tomcat5/shared/lib: + ####################################### + + # Build the tomcat jar classpath . . . + + export CLASSPATH + + + # Relink tomcat jar repositories . . . 
+ cd /var/lib/tomcat5/shared/lib
+ fi
+
+ # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT start
+ if [ ${OS} = "SunOS" ] ; then
+ su $TOMCAT_USER -c "$TOMCAT_SCRIPT start" > /dev/null
+ else
+ runuser -s /bin/bash $TOMCAT_USER -c "$TOMCAT_SCRIPT start" > /dev/null
+ fi
+
+ rv=$?
+ if [ ${rv} = 0 ] ; then
+ touch ${PKI_LOCKFILE}
+ chown $TOMCAT_USER:$TOMCAT_GROUP $PKI_LOCKFILE
+ chmod 00600 $PKI_LOCKFILE
+ fi
+
+ if [ ${rv} = 0 ] ; then
+ count=0;
+
+ let swait=$STARTUP_WAIT
+ while [ ! -s ${pidfile} ] &&
+ [ $count -lt $swait ]
+ do
+ echo -n "."
+ sleep 1
+ let count=$count+1;
+ done
+
+ if [ -f /etc/init.d/functions ]; then
+ if [ "$CONSOLETYPE" = "serial" ]; then
+ echo -n " "
+ fi
+ echo_success
+ echo
+ else
+ echo " [ OK ]"
+ fi
+
+ get_pki_secure_port
+ if [ $? -ne 0 ] ; then
+ PKI_SECURE_PORT=""
+ fi
+
+ # ignore "status" return codes
+ echo
+ display_instance_status
+ else
+ if [ -f /etc/init.d/functions ]; then
+ if [ "$CONSOLETYPE" = "serial" ]; then
+ $0 echo -n " "
+ fi
+ echo_failure
+ echo
+ else
+ echo " [ FAILED ]"
+ fi
+ fi
+
+ sleep 5
+ return ${rv}
+}
+
+stop_instance()
+{
+ rv=0
+
+ echo -n "Stopping $TOMCAT_PROG: "
+
+ if [ -f ${PKI_LOCKFILE} ] ; then
+ CATALINA_PID=${pidfile}
+ export CATALINA_PID
+
+ # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT stop
+ if [ ${OS} = "SunOS" ] ; then
+ su $TOMCAT_USER -c "$TOMCAT_SCRIPT stop" > /dev/null
+ else
+ runuser -s /bin/bash $TOMCAT_USER -c "$TOMCAT_SCRIPT stop" > /dev/null
+ fi
+
+ rv=$?
+
+ if [ ${rv} = 0 ]; then
+ count=0;
+
+ if [ -f ${pidfile} ]; then
+ read kpid < ${pidfile}
+ let kwait=$SHUTDOWN_WAIT
+
+ until [ `ps -p $kpid | grep -c $kpid` = '0' ] ||
+ [ $count -gt $kwait ]
+ do
+ echo -n "."
+ sleep 1
+ let count=$count+1;
+ done
+
+ if [ $count -gt $kwait ]; then
+ kill -9 $kpid
+ fi
+ fi
+
+ rm -f ${PKI_LOCKFILE}
+ rm -f ${pidfile}
+
+ if [ -f /etc/init.d/functions ]; then
+ if [ "$CONSOLETYPE" = "serial" ]; then
+ echo -n " "
+ fi
+ echo_success
+ echo
+ else
+ echo " [ OK ]"
+ fi
+ else
+ if [ -f /etc/init.d/functions ]; then
+ if [ "$CONSOLETYPE" = "serial" ]; then
+ echo -n " "
+ fi
+ echo_failure
+ echo
+ else
+ echo " [ FAILED ]"
+ fi
+ rv=${default_error}
+ fi
+ else
+ echo
+ echo "process already stopped"
+ rv=0
+ fi
+
+ return ${rv}
+}
+
+start()
+{
+ # From "http://fedoraproject.org/wiki/FCNewInit/Initscripts":
+ #
+ # * 0 action was successful
+ # * 1 generic or unspecified error (current practice)
+ # * 2 invalid or excess argument(s)
+ # * 3 unimplemented feature (for example, "reload")
+ # * 4 user had insufficient privilege
+ # * 5 program is not installed
+ # * 6 program is not configured
+ # * 7 program is not running
+ # * 8-99 reserved for future LSB use
+ # * 100-149 reserved for distribution use
+ # * 150-199 reserved for application use
+ # * 200-254 reserved
+ #
+
+ error_rv=0
+ rv=0
+
+ if [ -n "${PKI_REGISTRY_ENTRIES}" ]; then
+ config_errors=0
+ errors=0
+
+ if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
+ echo "BEGIN STARTING '${PKI_TYPE}' INSTANCE(S):"
+ fi
+
+ # Start every PKI instance of this type that isn't already running
+ for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do
+ # Source values associated with this particular PKI instance
+ [ -f ${PKI_REGISTRY_ENTRY} ] &&
+ . ${PKI_REGISTRY_ENTRY}
+
+ pidfile=${PKI_PIDDIR}/${PKI_PIDFILE}
+
+ [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
+
+ start_instance
+
+ rv=$?
+ if [ ${rv} = 6 ] ; then
+ # Since at least ONE configuration error exists, then there
+ # is at least ONE unconfigured instance from the PKI point
+ # + # However, it must still be considered that the + # instance is "running" from the point of view of other + # OS programs such as 'chkconfig'. + # + # Therefore, ignore non-zero return codes resulting + # from configuration errors. + # + + config_errors=`expr $config_errors + 1` + rv=0 + elif [ ${rv} != 0 ] ; then + errors=`expr $errors + 1` + error_rv=${rv} + fi + done + + if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt ${errors} ] ; then + touch ${lockfile} + chmod 00600 ${lockfile} + fi + + # ONLY print a "WARNING" message if multiple + # instances are being examined + if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then + # NOTE: "bad" return code(s) OVERRIDE configuration errors! + if [ ${errors} -eq 1 ]; then + # Since only ONE error exists, return that "bad" error code. + rv=${error_rv} + elif [ ${errors} -gt 1 ]; then + # Since MORE than ONE error exists, return an OVERALL status + # of "1 generic or unspecified error (current practice)" + rv=1 + fi + + if [ ${errors} -ge 1 ]; then + echo + echo -n "WARNING: " + echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} " + echo -n "'${PKI_TYPE}' instances failed to start!" + echo + fi + + if [ ${TOTAL_UNCONFIGURED_PKI_ENTRIES} -ge 1 ]; then + echo + echo -n "WARNING: " + echo -n "${TOTAL_UNCONFIGURED_PKI_ENTRIES} " + echo -n "of ${TOTAL_PKI_REGISTRY_ENTRIES} " + echo -n "'${PKI_TYPE}' instances MUST be configured!" + echo + fi + + echo + echo "FINISHED STARTING '${PKI_TYPE}' INSTANCE(S)." + fi + else + echo + echo "ERROR: No '${PKI_TYPE}' instances installed!" 
+ rv=5
+ fi
+
+ return ${rv}
+}
+
+stop()
+{
+ # From "http://fedoraproject.org/wiki/FCNewInit/Initscripts":
+ #
+ # * 0 action was successful
+ # * 1 generic or unspecified error (current practice)
+ # * 2 invalid or excess argument(s)
+ # * 3 unimplemented feature (for example, "reload")
+ # * 4 user had insufficient privilege
+ # * 5 program is not installed
+ # * 6 program is not configured
+ # * 7 program is not running
+ # * 8-99 reserved for future LSB use
+ # * 100-149 reserved for distribution use
+ # * 150-199 reserved for application use
+ # * 200-254 reserved
+ #
+
+ error_rv=0
+ rv=0
+
+ if [ -n "${PKI_REGISTRY_ENTRIES}" ]; then
+ errors=0
+
+ if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
+ echo "BEGIN SHUTTING DOWN '${PKI_TYPE}' INSTANCE(S):"
+ fi
+
+ # Shutdown every PKI instance of this type that is running
+ for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do
+ # Source values associated with this particular PKI instance
+ [ -f ${PKI_REGISTRY_ENTRY} ] &&
+ . ${PKI_REGISTRY_ENTRY}
+
+ pidfile=${PKI_PIDDIR}/${PKI_PIDFILE}
+
+ [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
+
+ stop_instance
+
+ rv=$?
+ if [ ${rv} != 0 ] ; then
+ errors=`expr $errors + 1`
+ error_rv=${rv}
+ fi
+ done
+
+ if [ ${errors} -eq 0 ] ; then
+ rm -f ${lockfile}
+ fi
+
+ # ONLY print a "WARNING" message if multiple
+ # instances are being examined
+ if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
+ if [ ${errors} -eq 1 ]; then
+ # Since only ONE error exists, return that "bad" error code.
+ rv=${error_rv}
+ elif [ ${errors} -gt 1 ]; then
+ # Since MORE than ONE error exists, return an OVERALL status
+ # of "1 generic or unspecified error (current practice)"
+ rv=1
+ fi
+
+ if [ ${errors} -ge 1 ]; then
+ echo
+ echo -n "WARNING: "
+ echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} "
+ echo -n "'${PKI_TYPE}' instances were "
+ echo -n "unsuccessfully stopped!"
+ echo
+ fi
+
+ echo
+ echo "FINISHED SHUTTING DOWN '${PKI_TYPE}' INSTANCE(S)."
+ fi
+ else
+ echo
+ echo "ERROR: No '${PKI_TYPE}' instances installed!"
+ rv=5
+ fi
+
+ return ${rv}
+}
+
+restart()
+{
+ # From "http://fedoraproject.org/wiki/FCNewInit/Initscripts":
+ #
+ # * 0 action was successful
+ # * 1 generic or unspecified error (current practice)
+ # * 2 invalid or excess argument(s)
+ # * 3 unimplemented feature (for example, "reload")
+ # * 4 user had insufficient privilege
+ # * 5 program is not installed
+ # * 6 program is not configured
+ # * 7 program is not running
+ # * 8-99 reserved for future LSB use
+ # * 100-149 reserved for distribution use
+ # * 150-199 reserved for application use
+ # * 200-254 reserved
+ #
+
+ stop
+ sleep 2
+ echo
+ echo "============================================================"
+ echo
+ start
+
+ return $?
+}
+
+status()
+{
+ # From "http://fedoraproject.org/wiki/FCNewInit/Initscripts":
+ #
+ # * 0 program is running or service is OK
+ # * 1 program is dead and /var/run pid file exists
+ # * 2 program is dead and /var/lock lock file exists
+ # * 3 program is not running
+ # * 4 program or service status is unknown
+ # * 5-99 reserved for future LSB use
+ # * 100-149 reserved for distribution use
+ # * 150-199 reserved for application use
+ # * 200-254 reserved
+ #
+
+ error_rv=0
+ rv=0
+
+ if [ -n "${PKI_REGISTRY_ENTRIES}" ]; then
+ errors=0
+
+ if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
+ echo "REPORT STATUS OF '${PKI_TYPE}' INSTANCE(S):"
+ fi
+
+ # Obtain status of every PKI instance of this type
+ for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do
+ # Source values associated with this particular PKI instance
+ [ -f ${PKI_REGISTRY_ENTRY} ] &&
+ . ${PKI_REGISTRY_ENTRY}
+
+ pidfile=${PKI_PIDDIR}/${PKI_PIDFILE}
+
+ [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo
+
+ display_instance_status
+
+ rv=$?
+ if [ ${rv} -ne 0 ] ; then
+ errors=`expr $errors + 1`
+ error_rv=${rv}
+ fi
+ done
+
+ # ONLY print a "WARNING" message if multiple
+ # instances are being examined
+ if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then
+ if [ ${errors} -eq 1 ]; then
+ # Since only ONE error exists, return that "bad" error code.
+ rv=${error_rv}
+ elif [ ${errors} -gt 1 ]; then
+ # Since MORE than ONE error exists, return an OVERALL status
+ # of "4 - program or service status is unknown"
+ rv=4
+ fi
+
+ if [ ${errors} -ge 1 ]; then
+ echo
+ echo -n "WARNING: "
+ echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} "
+ echo -n "'${PKI_TYPE}' instances reported status failures!"
+ echo
+ fi
+
+ if [ ${TOTAL_UNCONFIGURED_PKI_ENTRIES} -ge 1 ]; then
+ echo
+ echo -n "WARNING: "
+ echo -n "${TOTAL_UNCONFIGURED_PKI_ENTRIES} "
+ echo -n "of ${TOTAL_PKI_REGISTRY_ENTRIES} "
+ echo -n "'${PKI_TYPE}' instances MUST be configured!"
+ echo
+ fi
+
+ echo
+ echo "FINISHED REPORTING STATUS OF '${PKI_TYPE}' INSTANCE(S)."
+ fi
+ else
+ echo
+ echo "ERROR: No '${PKI_TYPE}' instances installed!"
+ rv=4
+ fi
+
+ return ${rv}
+}
+
+# See how we were called.
+case "${command}" in
+ start|stop|restart|status)
+ ${command}
+ exit $?
+ ;;
+ condrestart|force-restart|try-restart)
+ [ ! -f ${lockfile} ] || restart
+ exit $?
+ ;;
+ reload)
+ echo "The 'reload' action is an unimplemented feature."
+ exit ${default_error}
+ ;;
+ *)
+ # * 3 unimplemented feature (for example, "reload")
+ # [invalid command - should never be reached]
+ echo
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ exit 3
+ ;;
+esac
+
diff --git a/pki/base/common/LICENSE b/pki/base/common/LICENSE
index e36f2269a..e281f4362 100644
--- a/pki/base/common/LICENSE
+++ b/pki/base/common/LICENSE
@@ -11,26 +11,6 @@ You should have received a copy of the GNU General Public License along with this Program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. -In addition, as a special exception, Red Hat, Inc. gives You the additional -right to link the code of this Program with code not covered under the GNU -General Public License ("Non-GPL Code") and to distribute linked combinations -including the two, subject to the limitations in this paragraph. Non-GPL -Code permitted under this exception must only link to the code of this -Program through those well defined interfaces identified in the file named -EXCEPTION found in the source code files (the "Approved Interfaces"). - -The files of Non-GPL Code may instantiate templates or use macros or inline -functions from the Approved Interfaces without causing the resulting work to -be covered by the GNU General Public License. Only Red Hat, Inc. may make -changes or additions to the list of Approved Interfaces. You must obey the -GNU General Public License in all respects for all of the Program code and -other code used in conjunction with the Program except the Non-GPL Code -covered by this exception. If you modify this file, you may extend this -exception to your version of the file, but you are not obligated to do so. -If you do not wish to provide this exception without modification, you must -delete this exception statement from your version and license this file -solely under the GPL without exception. - GNU GENERAL PUBLIC LICENSE Version 2, June 1991 diff --git a/pki/base/common/build.xml b/pki/base/common/build.xml index 96dc86317..fd12328b5 100644 --- a/pki/base/common/build.xml +++ b/pki/base/common/build.xml @@ -260,17 +260,6 @@ prefix="usr/share/${product.prefix}/scripts"> - - - - - - - @@ -298,17 +287,6 @@ prefix="${dist.name}/usr/share/${product.prefix}/scripts"> - - - - - - - 
diff --git a/pki/base/common/setup/postinstall b/pki/base/common/setup/postinstall
deleted file mode 100755
index f8b342440..000000000
--- a/pki/base/common/setup/postinstall
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-#
-# BEGIN COPYRIGHT BLOCK
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-
-###############################################################################
-## (1) Check command line arguments to see how many were passed in. ##
-###############################################################################
-
-if [ $# -eq 1 ]
-then
- PKI_PRODUCT_NAME=$1
-else
- echo
- echo "Usage: $0 PKI_product_name"
- echo
-
- exit 255
-fi
-
-
-###############################################################################
-## (2) Specify variables used by this script. ##
-###############################################################################
-
-
-
-###############################################################################
-## (3) Create the first instance of a Certificate Authority (CA). ##
-###############################################################################
-
-/usr/share/${PKI_PRODUCT_NAME}/scripts/pkicomplete
-
-
-###############################################################################
-## (4) Successfully exit from this postinstallation script. ##
-###############################################################################
-
-exit 0
-
diff --git a/pki/base/config/product.xml b/pki/base/config/product.xml index e4059f8ad..f228b3323 100644 --- a/pki/base/config/product.xml +++ b/pki/base/config/product.xml @@ -37,6 +37,7 @@ + diff --git a/pki/base/selinux/LICENSE b/pki/base/selinux/LICENSE index e36f2269a..e281f4362 100644 --- a/pki/base/selinux/LICENSE +++ b/pki/base/selinux/LICENSE @@ -11,26 +11,6 @@ You should have received a copy of the GNU General Public License along with this Program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. -In addition, as a special exception, Red Hat, Inc. gives You the additional -right to link the code of this Program with code not covered under the GNU -General Public License ("Non-GPL Code") and to distribute linked combinations -including the two, subject to the limitations in this paragraph. Non-GPL -Code permitted under this exception must only link to the code of this -Program through those well defined interfaces identified in the file named -EXCEPTION found in the source code files (the "Approved Interfaces"). - -The files of Non-GPL Code may instantiate templates or use macros or inline -functions from the Approved Interfaces without causing the resulting work to -be covered by the GNU General Public License. Only Red Hat, Inc. may make -changes or additions to the list of Approved Interfaces. You must obey the -GNU General Public License in all respects for all of the Program code and -other code used in conjunction with the Program except the Non-GPL Code -covered by this exception. If you modify this file, you may extend this -exception to your version of the file, but you are not obligated to do so. -If you do not wish to provide this exception without modification, you must -delete this exception statement from your version and license this file -solely under the GPL without exception. - GNU GENERAL PUBLIC LICENSE Version 2, June 1991 
diff --git a/pki/base/setup/LICENSE b/pki/base/setup/LICENSE index e36f2269a..e281f4362 100644 --- a/pki/base/setup/LICENSE +++ b/pki/base/setup/LICENSE @@ -11,26 +11,6 @@ You should have received a copy of the GNU General Public License along with this Program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. -In addition, as a special exception, Red Hat, Inc. gives You the additional -right to link the code of this Program with code not covered under the GNU -General Public License ("Non-GPL Code") and to distribute linked combinations -including the two, subject to the limitations in this paragraph. Non-GPL -Code permitted under this exception must only link to the code of this -Program through those well defined interfaces identified in the file named -EXCEPTION found in the source code files (the "Approved Interfaces"). - -The files of Non-GPL Code may instantiate templates or use macros or inline -functions from the Approved Interfaces without causing the resulting work to -be covered by the GNU General Public License. Only Red Hat, Inc. may make -changes or additions to the list of Approved Interfaces. You must obey the -GNU General Public License in all respects for all of the Program code and -other code used in conjunction with the Program except the Non-GPL Code -covered by this exception. If you modify this file, you may extend this -exception to your version of the file, but you are not obligated to do so. -If you do not wish to provide this exception without modification, you must -delete this exception statement from your version and license this file -solely under the GPL without exception. - GNU GENERAL PUBLIC LICENSE Version 2, June 1991 diff --git a/pki/base/setup/pkicommon b/pki/base/setup/pkicommon index 4f71d8139..7b72a5660 100755 --- a/pki/base/setup/pkicommon +++ b/pki/base/setup/pkicommon 
@@ -217,6 +217,22 @@ $HTTPS_PREFIX = "https://"; $LDAP_PREFIX = "ldap://"; $LDAPS_PREFIX = "ldaps://"; +# Subsystem names +$CA = "ca"; +$KRA = "kra"; +$OCSP = "ocsp"; +$TKS = "tks"; +$RA = "ra"; +$TPS = "tps"; + +# Subsystem init scripts +$CA_INIT_SCRIPT = "pki-cad"; +$KRA_INIT_SCRIPT = "pki-krad"; +$OCSP_INIT_SCRIPT = "pki-ocspd"; +$TKS_INIT_SCRIPT = "pki-tksd"; +$RA_INIT_SCRIPT = "pki-rad"; +$TPS_INIT_SCRIPT = "pki-tpsd"; + ############################################################## # Global Variables diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate index 9cab383f7..770983985 100755 --- a/pki/base/setup/pkicreate +++ b/pki/base/setup/pkicreate @@ -26,17 +26,17 @@ # Sample Invocation (for CA): # # ./pkicreate -pki_instance_root=/var/lib -# -pki_instance_name=pki-ca1 +# -pki_instance_name=pki-ca # -subsystem_type=ca -# -agent_secure_port=9543 -# -ee_secure_port=9544 -# -admin_secure_port=9545 -# -unsecure_port=9580 -# -tomcat_server_port=9801 +# -agent_secure_port=9443 +# -ee_secure_port=9444 +# -admin_secure_port=9445 +# -unsecure_port=9180 +# -tomcat_server_port=9701 # -user=pkiuser # -group=pkiuser -# -redirect conf=/etc/pki-ca1 -# -redirect logs=/var/log/pki-ca1 +# -redirect conf=/etc/pki-ca +# -redirect logs=/var/log/pki-ca # -verbose # ############################################################## @@ -134,7 +134,7 @@ $pki_flavor =~ s/\s+$//g; # Establish path to scripts my $pki_subsystem_common_area = "/usr/share/$pki_flavor"; -my $common_path = "/usr/share/pki/scripts"; +my $common_path = "/usr/share/$pki_flavor/scripts"; if( ! -d "$common_path" ) { print( STDERR 
@@ -180,14 +180,6 @@ my $jdbc_stdext_link = "/var/lib/tomcat5/common/lib/\[jdbc-stdext\].jar"; my $jndi_link = "/var/lib/tomcat5/common/lib/\[jndi\].jar"; my $jaas_link = "/var/lib/tomcat5/server/lib/\[jaas\].jar"; -# Subsystem names -my $CA = "ca"; -my $OCSP = "ocsp"; -my $KRA = "kra"; -my $TKS = "tks"; -my $RA = "ra"; -my $TPS = "tps"; - # Base subsystem directory names my $acl_base_subsystem_dir = "acl"; # CA, KRA, OCSP, TKS my $alias_base_subsystem_dir = "alias"; # CA, KRA, OCSP, TKS, RA, TPS @@ -250,8 +242,10 @@ my $cmsbundle_jar_base_name = "cmsbundle.jar"; # CA, KRA, OCSP, TKS my $cmscore_jar_base_name = "cmscore.jar"; # CA, KRA, OCSP, TKS my $conf_base_name = "conf"; # CA, KRA, OCSP, TKS, # RA, TPS -my $httpd_base_name = "httpd"; # CA, KRA, OCSP, TKS, +# BEGIN Legacy Start/Stop Implementation +my $httpd_base_name = "httpd"; # KRA, OCSP, TKS, # RA, TPS +# END Legacy Start/Stop Implementation my $httpd_conf_base_name = "httpd.conf"; # RA, TPS my $index_html_base_name = "index.html"; # CA, KRA, OCSP, TKS my $logs_base_name = "logs"; # CA, KRA, OCSP, TKS, @@ -278,7 +272,9 @@ my $velocity_prop_base_name = "velocity.properties"; # CA, KRA, OCSP, TKS my $web_xml_base_name = "web.xml"; # CA, KRA, OCSP, TKS # Subdirectory names -my $initd_base_subsystem_dir = "init.d"; # CA, KRA, OCSP, TKS, RA, TPS +# BEGIN Legacy Start/Stop Implementation +my $initd_base_subsystem_dir = "init.d"; # KRA, OCSP, TKS, RA, TPS +# END Legacy Start/Stop Implementation my $perl_base_instance_symlink = "perl"; # RA, TPS my $perl_base_subsystem_dir = "perl"; # RA, TPS my $signed_audit_base_instance_dir = "signedAudit"; # CA, KRA, OCSP, TKS, TPS @@ -293,7 +289,6 @@ my $default_dir_permissions = 00770; my $default_exe_permissions = 00770; my $default_file_permissions = 00660; my $default_security_token = "internal"; -my $default_start_stop_scripts = "/etc/init.d"; my $default_tomcat_common_path = "/var/lib/tomcat5/common"; # Default PKI user and group to give to PKI installed files 
@@ -514,7 +509,6 @@ my $httpd_conf_subsystem_file_path = ""; # RA, TPS my $index_html_instance_file_path = ""; # CA, KRA, OCSP, TKS my $index_html_subsystem_file_path = ""; # CA, KRA, OCSP, TKS my $java_pki_flavor_jar_path = ""; # CA, KRA, OCSP, TKS -my $java_pki_flavor_subsystem_jar_path = ""; # CA, KRA, OCSP, TKS my $magic_instance_file_path = ""; # RA, TPS my $magic_subsystem_file_path = ""; # RA, TPS my $mime_types_instance_file_path = ""; # RA, TPS @@ -538,14 +532,14 @@ my $pki_cfg_instance_file_path = ""; # CA, KRA, OCSP, TKS, # RA, TPS my $pki_cfg_subsystem_file_path = ""; # CA, KRA, OCSP, TKS, # RA, TPS -my $pki_start_stop_command = ""; # CA, KRA, OCSP, TKS, - # RA, TPS -my $pki_start_stop_script_instance_file_path = ""; # CA, KRA, OCSP, TKS, +# BEGIN Legacy Start/Stop Implementation +my $pki_start_stop_script_instance_file_path = ""; # KRA, OCSP, TKS, # RA, TPS -my $pki_start_stop_script_subsystem_file_path = ""; # CA, KRA, OCSP, TKS, +my $pki_start_stop_script_subsystem_file_path = ""; # KRA, OCSP, TKS, # RA, TPS -my $pki_start_stop_script_symlink_path = ""; # CA, KRA, OCSP, TKS, +my $pki_start_stop_script_symlink_path = ""; # KRA, OCSP, TKS, # RA, TPS +# END Legacy Start/Stop Implementation my $schemaMods_ldif_instance_file_path = ""; # RA, TPS my $schemaMods_ldif_subsystem_file_path = ""; # RA, TPS my $server_xml_instance_file_path = ""; # CA, KRA, OCSP, TKS 
@@ -567,6 +561,26 @@ my $webinf_instance_path = ""; # CA, KRA, OCSP, TKS my $webinf_lib_instance_path = ""; # CA, KRA, OCSP, TKS my $webinf_subsystem_path = ""; # CA, KRA, OCSP, TKS +# PKI init script variables +my $default_init_scripts_path = ""; # CA, KRA, OCSP, TKS + # RA, TPS +my $pki_init_script = ""; # CA, KRA, OCSP, TKS, + # RA, TPS +my $pki_init_script_command = ""; # CA, KRA, OCSP, TKS, + # RA, TPS + +# PKI registry variables +my $default_registry_path = ""; # CA, KRA, OCSP, TKS + # RA, TPS +my $pki_registry_path = ""; # CA, KRA, OCSP, TKS + # RA, TPS +my $pki_registry_subsystem_path = ""; # CA, KRA, OCSP, TKS + # RA, TPS +my $pki_instance_registry = ""; # CA, KRA, OCSP, TKS + # RA, TPS +my $pki_instance_registry_entry = ""; # CA, KRA, OCSP, TKS + # RA, TPS + # PKI creation variables my $host = ""; my $db_password = 0; @@ -587,6 +601,12 @@ if( $^O eq "linux" ) { $setup_config_area = "/usr/share/applications"; $setup_config_name = "config.desktop"; + # Linux init scripts + $default_init_scripts_path = "/etc/rc.d/init.d"; + + # Linux registry + $default_registry_path = "/etc/sysconfig"; + # Platform-specific directories @pki_static_directories = ( "temp", "shared", @@ -608,6 +628,12 @@ if( $^O eq "linux" ) { "shared/lib", "work" ); + # Solaris init scripts + $default_init_scripts_path = "/etc/init.d"; + + # Solaris registry + $default_registry_path = "/etc/inet"; + # Superuser and group to give to PKI installed files $root_user = "root"; $root_group = "other"; @@ -717,6 +743,10 @@ if( -l $jaas_link ) { } } +# Establish PKI-level registry +$pki_registry_path = $default_registry_path + . "/" . $pki_flavor; + ############################################################## # PKI Instance Creation Subroutines 
@@ -875,36 +905,113 @@ sub usage() print( STDOUT "###############################################################################\n" - . "### EXAMPLE: PKI (Apache) subsystem instance creation of a TPS ###\n" + . "### EXAMPLES: ###\n" + . "### PKI (Tomcat) subsystem instance creation of a CA ###\n" + . "### PKI (Tomcat) subsystem instance creation of a Subordinate CA ###\n" + . "### PKI (Tomcat) subsystem instance creation of a KRA ###\n" + . "### PKI (Tomcat) subsystem instance creation of an OCSP ###\n" + . "### PKI (Tomcat) subsystem instance creation of a TKS ###\n" + . "### PKI (Apache) subsystem instance creation of an RA ###\n" + . "### PKI (Apache) subsystem instance creation of a TPS ###\n" + . "### PKI (Apache) subsystem instance creation of a second TPS ###\n" . "###############################################################################\n\n" - . "pkicreate -pki_instance_root=/var/lib \\\n" - . " -pki_instance_name=$pki_flavor-tps1 \\\n" - . " -subsystem_type=tps \\\n" - . " -secure_port=7989 \\\n" - . " -non_clientauth_secure_port=7990 \\\n" - . " -unsecure_port=7988 \\\n" - . " -user=pkiuser \\\n" - . " -group=pkiuser \\\n" - . " -redirect conf=/etc/$pki_flavor-tps1 \\\n" - . " -redirect logs=/var/log/$pki_flavor-tps1 \\\n" - . " -verbose\n\n" ); - - print( STDOUT - "###############################################################################\n" - . "### EXAMPLE: PKI (Tomcat) subsystem instance creation of a CA ###\n" - . "###############################################################################\n\n" - . "pkicreate -pki_instance_root=/var/lib \\\n" - . " -pki_instance_name=$pki_flavor-ca1 \\\n" - . " -subsystem_type=ca \\\n" - . " -agent_secure_port=9543 \\\n" - . " -ee_secure_port=9544 \\\n" - . " -admin_secure_port=9545 \\\n" - . " -unsecure_port=9580 \\\n" - . " -tomcat_server_port=9801 \\\n" - . " -user=pkiuser \\\n" - . " -group=pkiuser \\\n" - . " -redirect conf=/etc/$pki_flavor-ca1 \\\n" - . 
" -redirect logs=/var/log/$pki_flavor-ca1 \\\n" + . "pkicreate -pki_instance_root=/var/lib \\\n" + . " -pki_instance_name=pki-ca \\\n" + . " -subsystem_type=ca \\\n" + . " -agent_secure_port=9443 \\\n" + . " -ee_secure_port=9444 \\\n" + . " -admin_secure_port=9445 \\\n" + . " -unsecure_port=9180 \\\n" + . " -tomcat_server_port=9701 \\\n" + . " -user=pkiuser \\\n" + . " -group=pkiuser \\\n" + . " -redirect conf=/etc/pki-ca \\\n" + . " -redirect logs=/var/log/pki-ca \\\n" + . " -verbose\n\n" + . "pkicreate -pki_instance_root=/var/lib \\\n" + . " -pki_instance_name=pki-subca \\\n" + . " -subsystem_type=ca \\\n" + . " -agent_secure_port=9543 \\\n" + . " -ee_secure_port=9544 \\\n" + . " -admin_secure_port=9545 \\\n" + . " -unsecure_port=9580 \\\n" + . " -tomcat_server_port=9801 \\\n" + . " -user=pkiuser \\\n" + . " -group=pkiuser \\\n" + . " -redirect conf=/etc/pki-subca \\\n" + . " -redirect logs=/var/log/pki-subca \\\n" + . " -verbose\n\n" + . "pkicreate -pki_instance_root=/var/lib \\\n" + . " -pki_instance_name=pki-kra \\\n" + . " -subsystem_type=kra \\\n" + . " -agent_secure_port=10443 \\\n" + . " -ee_secure_port=10444 \\\n" + . " -admin_secure_port=10445 \\\n" + . " -unsecure_port=10180 \\\n" + . " -tomcat_server_port=10701 \\\n" + . " -user=pkiuser \\\n" + . " -group=pkiuser \\\n" + . " -redirect conf=/etc/pki-kra \\\n" + . " -redirect logs=/var/log/pki-kra \\\n" + . " -verbose\n\n" + . "pkicreate -pki_instance_root=/var/lib \\\n" + . " -pki_instance_name=pki-ocsp \\\n" + . " -subsystem_type=ocsp \\\n" + . " -agent_secure_port=11443 \\\n" + . " -ee_secure_port=11444 \\\n" + . " -admin_secure_port=11445 \\\n" + . " -unsecure_port=11180 \\\n" + . " -tomcat_server_port=11701 \\\n" + . " -user=pkiuser \\\n" + . " -group=pkiuser \\\n" + . " -redirect conf=/etc/pki-ocsp \\\n" + . " -redirect logs=/var/log/pki-ocsp \\\n" + . " -verbose\n\n" + . "pkicreate -pki_instance_root=/var/lib \\\n" + . " -pki_instance_name=pki-tks \\\n" + . " -subsystem_type=tks \\\n" + . 
" -agent_secure_port=13443 \\\n" + . " -ee_secure_port=13444 \\\n" + . " -admin_secure_port=13445 \\\n" + . " -unsecure_port=13180 \\\n" + . " -tomcat_server_port=13701 \\\n" + . " -user=pkiuser \\\n" + . " -group=pkiuser \\\n" + . " -redirect conf=/etc/pki-tks \\\n" + . " -redirect logs=/var/log/pki-tks \\\n" + . " -verbose\n\n" + . "pkicreate -pki_instance_root=/var/lib \\\n" + . " -pki_instance_name=pki-ra \\\n" + . " -subsystem_type=ra \\\n" + . " -secure_port=12889 \\\n" + . " -non_clientauth_secure_port=12890 \\\n" + . " -unsecure_port=12888 \\\n" + . " -user=pkiuser \\\n" + . " -group=pkiuser \\\n" + . " -redirect conf=/etc/pki-ra \\\n" + . " -redirect logs=/var/log/pki-ra \\\n" + . " -verbose\n\n" + . "pkicreate -pki_instance_root=/var/lib \\\n" + . " -pki_instance_name=pki-tps \\\n" + . " -subsystem_type=tps \\\n" + . " -secure_port=7889 \\\n" + . " -non_clientauth_secure_port=7890 \\\n" + . " -unsecure_port=7888 \\\n" + . " -user=pkiuser \\\n" + . " -group=pkiuser \\\n" + . " -redirect conf=/etc/pki-tps \\\n" + . " -redirect logs=/var/log/pki-tps \\\n" + . " -verbose\n\n" + . "pkicreate -pki_instance_root=/var/lib \\\n" + . " -pki_instance_name=pki-tps1 \\\n" + . " -subsystem_type=tps \\\n" + . " -secure_port=7989 \\\n" + . " -non_clientauth_secure_port=7990 \\\n" + . " -unsecure_port=7988 \\\n" + . " -user=pkiuser \\\n" + . " -group=pkiuser \\\n" + . " -redirect conf=/etc/pki-tps1 \\\n" + . " -redirect logs=/var/log/pki-tps1 \\\n" . " -verbose\n\n" ); print( STDOUT @@ -921,8 +1028,18 @@ sub pki_instance_already_exists { my $name = $_[0]; my $result = 0; + my $instance = ""; - my $instance = $default_start_stop_scripts . "/" . $name; + if( $subsystem_type ne $CA ) { + # BEGIN Legacy Start/Stop Implementation + $instance = $default_init_scripts_path + . "/" . $name; + # END Legacy Start/Stop Implementation + } else { + $instance = $pki_registry_path + . "/" . $subsystem_type + . "/" . $name; + } if( -e $instance ) { $result = 1; 
@@ -995,6 +1112,33 @@ sub parse_arguments() return 0; } + ## Mandatory "-subsystem_type=s" option + if( $subsystem_type ne $CA && + $subsystem_type ne $KRA && + $subsystem_type ne $OCSP && + $subsystem_type ne $TKS && + $subsystem_type ne $RA && + $subsystem_type ne $TPS ) { + usage(); + emit( "Illegal value => $subsystem_type : for -subsystem_type!\n", + "error" ); + return 0; + } + + $pki_subsystem_path = $pki_subsystem_common_area + . "/" . $subsystem_type; + + if( !( -d "$pki_subsystem_path" ) ) { + usage(); + emit( "$pki_subsystem_path not present. " + . "Please install the corresponding subsystem RPM first!\n", + "error" ); + return 0; + } else { + emit( " subsystem_type $subsystem_type\n" ); + } + + ## Mandatory "-pki_instance_name=s" option if( $pki_instance_name eq "" ) { usage(); @@ -1027,7 +1171,6 @@ sub parse_arguments() return 0; } - # capture installation information in a log file # (always overwrite this file) $logfile = "/var/log/$pki_instance_name-install.log"; @@ -1046,33 +1189,6 @@ sub parse_arguments() emit( " pki_instance_root $pki_instance_root\n" ); emit( " pki_instance_name $pki_instance_name\n" ); - - ## Mandatory "-subsystem_type=s" option - if( $subsystem_type ne $CA && - $subsystem_type ne $KRA && - $subsystem_type ne $OCSP && - $subsystem_type ne $TKS && - $subsystem_type ne $RA && - $subsystem_type ne $TPS ) { - usage(); - emit( "Illegal value => $subsystem_type : for -subsystem_type!\n", - "error" ); - return 0; - } - - $pki_subsystem_path = $pki_subsystem_common_area - . "/" . $subsystem_type; - - if( !( -d "$pki_subsystem_path" ) ) { - usage(); - emit( "$pki_subsystem_path not present. " - . "Please install the corresponding subsystem RPM first!\n", - "error" ); - return 0; - } else { - emit( " subsystem_type $subsystem_type\n" ); - } - ## Mandatory "-secure_port=" option if( $l_secure_port >= 0 ) { $secure_port = $l_secure_port; 
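Review bot: In the lines shown, `$pki_instance_name` is only rejected when it is empty, although it is then joined into `/var/log/$pki_instance_name-install.log` and, in other hunks of this commit, into the registry entry and init-script paths. The subsystem type moved up by this hunk is checked against a fixed list, but the instance name has no comparable check here, so a name containing `/` or `..` would place files written by the installer outside the intended directories. A character allowlist beside the empty check would close that, for example `if( $pki_instance_name !~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/ ) { usage(); emit( "Illegal value => $pki_instance_name : for -pki_instance_name!\n", "error" ); return 0; }`. parse_arguments continues outside the hunk, so confirm no such check already exists further down.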
@@ -1485,7 +1601,8 @@ sub initialize_subdirectory_paths() ## Initialize subdirectory paths (subsystem independent) $pki_cfg_subsystem_file_path = $conf_subsystem_path . "/" . $pki_cfg_base_name; - $pki_start_stop_script_instance_file_path = $default_start_stop_scripts + # BEGIN Legacy Start/Stop Implementation + $pki_start_stop_script_instance_file_path = $default_init_scripts_path . "/" . $pki_instance_name; $pki_start_stop_script_subsystem_file_path = $pki_subsystem_path . "/" . $etc_base_subsystem_dir @@ -1493,6 +1610,7 @@ sub initialize_subdirectory_paths() . "/" . $httpd_base_name; $pki_start_stop_script_symlink_path = $pki_instance_path . "/" . $pki_instance_name; + # END Legacy Start/Stop Implementation if( $^O eq "linux" ) { $setup_config_instance_file_path = $setup_config_area . "/" . $pki_instance_name @@ -1501,6 +1619,19 @@ sub initialize_subdirectory_paths() . "/" . $setup_config_name; } + if( $subsystem_type eq $CA ) { + $pki_init_script = $CA_INIT_SCRIPT; + } elsif( $subsystem_type eq $KRA ) { + $pki_init_script = $KRA_INIT_SCRIPT; + } elsif( $subsystem_type eq $OCSP ) { + $pki_init_script = $OCSP_INIT_SCRIPT; + } elsif( $subsystem_type eq $RA ) { + $pki_init_script = $RA_INIT_SCRIPT; + } elsif( $subsystem_type eq $TKS ) { + $pki_init_script = $TKS_INIT_SCRIPT; + } elsif( $subsystem_type eq $TPS ) { + $pki_init_script = $TPS_INIT_SCRIPT; + } ## Initialize subdirectory paths (CA subsystems) # if( $subsystem_type eq $CA ) { @@ -1612,12 +1743,8 @@ sub initialize_subdirectory_paths() . "/" . $webinf_base_instance_dir; $webinf_lib_instance_path = $webinf_instance_path . "/" . $lib_base_instance_dir; - $java_pki_flavor_jar_path = $default_java_path . "/" . $pki_flavor; - $java_pki_flavor_subsystem_jar_path = $java_pki_flavor_jar_path - . "/" . $subsystem_type; - $catalina_sh_instance_file_path = $default_system_user_binaries . "/" . $catalina_sh_base_name . "-" . $pki_instance_name; 
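Review bot: The new `if`/`elsif` chain that selects `$pki_init_script` (third hunk on this line) has no final `else`, so an unmatched `$subsystem_type` leaves it empty without any message, and for a CA that empty string would later be written into the generated `/sbin/service` wrapper line. parse_arguments validates the type earlier in this commit, so this is defensive, but a lookup table states the mapping once: `my %init_script_for = ( $CA => $CA_INIT_SCRIPT, $KRA => $KRA_INIT_SCRIPT, ... );` then `$pki_init_script = $init_script_for{$subsystem_type};`, with an `emit( ..., "error" ); return 0;` when the lookup is undefined. initialize_subdirectory_paths starts and ends outside the hunk.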
@@ -1659,8 +1786,17 @@ sub initialize_subdirectory_paths() . "/" . $server_xml_base_name; $servercertnick_conf_subsystem_file_path = $conf_subsystem_path . "/" . $servercertnick_conf_base_name; - $subsystem_jar_file_path = $java_pki_flavor_subsystem_jar_path + if( $subsystem_type eq $CA ) { + $subsystem_jar_file_path = $default_java_path . "/" . $subsystem_type . ".jar"; + } else { + # BEGIN Legacy Start/Stop Implementation + $subsystem_jar_file_path = $default_java_path + . "/" . $pki_flavor + . "/" . $subsystem_type + . "/" . $subsystem_type . ".jar"; + # END Legacy Start/Stop Implementation + } $subsystem_jar_symlink_path = $webinf_lib_instance_path . "/" . $subsystem_type . ".jar"; $tomcat5_conf_subsystem_file_path = $conf_subsystem_path 
@@ -2397,26 +2533,30 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so chmod( $default_file_permissions, $pki_cfg_instance_file_path ); - # process "httpd" template - # - # NOTE: CA, KRA, OCSP, TKS instances are dependent upon the location - # of the instance-specific "server.xml" file, while RA and TPS - # instances are dependent upon the instance-specific location - # of the "nss.conf" file. - # - $result = process_file_template( - $pki_start_stop_script_subsystem_file_path, - $pki_start_stop_script_instance_file_path, - \%slot_hash ); - if( !$result ) { - return 0; - } + # BEGIN Legacy Start/Stop Implementation + if( $subsystem_type ne $CA ) { + # process "httpd" template + # + # NOTE: CA, KRA, OCSP, TKS instances are dependent upon the location + # of the instance-specific "server.xml" file, while RA and TPS + # instances are dependent upon the instance-specific location + # of the "nss.conf" file. + # + $result = process_file_template( + $pki_start_stop_script_subsystem_file_path, + $pki_start_stop_script_instance_file_path, + \%slot_hash ); + if( !$result ) { + return 0; + } - chmod( $default_exe_permissions, - $pki_start_stop_script_instance_file_path ); + chmod( $default_exe_permissions, + $pki_start_stop_script_instance_file_path ); - push( @installed_files, - $pki_start_stop_script_instance_file_path ); + push( @installed_files, + $pki_start_stop_script_instance_file_path ); + } + # END Legacy Start/Stop Implementation if( $^O eq "linux" ) { 
@@ -2764,30 +2904,83 @@ sub process_pki_files_and_symlinks() $pfile_instance_file_path ); - # create instance symlink to actual instance "start/stop" script - $result = create_symbolic_link( $pki_start_stop_script_symlink_path, - $pki_start_stop_script_instance_file_path ); - if( !$result ) { - return 0; - } - # - # NOTE: This symlink requires "$root_user:$root_group" ownership - # since the destination that it refers to is owned by - # "$root_user:$root_group". - # - $result = give_symbolic_link_to( $pki_start_stop_script_symlink_path, - $root_user, - $root_group ); - if( !$result ) { - emit( "$pki_start_stop_script_instance_file_path ownership problems!", - "error" ); - return 0; - } + if( $subsystem_type ne $CA ) { + # BEGIN Legacy Start/Stop Implementation + # create instance symlink to actual instance "start/stop" script + $result = create_symbolic_link( $pki_start_stop_script_symlink_path, + $pki_start_stop_script_instance_file_path ); + if( !$result ) { + return 0; + } + # + # NOTE: This symlink requires "$root_user:$root_group" ownership + # since the destination that it refers to is owned by + # "$root_user:$root_group". + # + $result = give_symbolic_link_to( $pki_start_stop_script_symlink_path, + $root_user, + $root_group ); + if( !$result ) { + emit( "$pki_start_stop_script_instance_file_path ownership problems!", + "error" ); + return 0; + } + # END Legacy Start/Stop Implementation + } else { + # generate a local init script for this PKI instance + my $local_pki_init_script = new FileHandle; + my $local_pki_init_script_name = $pki_instance_path + . "/" . 
$pki_instance_name; + my $local_pki_init_script_command = ""; + + # create this PKI instance's local init script + $local_pki_init_script->open( ">$local_pki_init_script_name" ) or + die "Could not open $local_pki_init_script_name\n"; + + # publish the appropriate contents to this + # PKI instance's local init script + $local_pki_init_script->print( "#!/bin/bash\n" ); + $local_pki_init_script->print( "if [ \$# -ne 1 ]; then\n" ); + $local_pki_init_script->print( " echo \"Usage: \$0 {start|stop|restart|condrestart|force-restart|try-restart|reload|status}\"\n" ); + $local_pki_init_script->print( " exit 3\n" ); + $local_pki_init_script->print( "fi\n\n" ); + + if( $^O eq "linux" ) { + $local_pki_init_script_command = "/sbin/service" + . " " . $pki_init_script + . " " . "\$1" + . " " . $pki_instance_name; + } else { + # default case: e. g. - ( $^O eq "solaris" ) + $local_pki_init_script_command = $default_init_scripts_path + . "/" . $pki_init_script + . " " . "\$1" + . " " . $pki_instance_name; + } + $local_pki_init_script->print( "$local_pki_init_script_command\n\n" ); - ## Populate instances (CA instances) - # if( $subsystem_type eq $CA ) { - # } + # close and save this PKI instance's local init script + $local_pki_init_script->close(); + + # + # NOTE: This PKI instance's local init script requires + # "$root_user:$root_group" ownership since the + # destination that it refers to is owned by + # "$root_user:$root_group". + # + $result = give_file_to( $local_pki_init_script_name, + $root_user, + $root_group ); + if( !$result ) { + emit( "$local_pki_init_script_name ownership problems!", + "error" ); + return 0; + } + + chmod( $default_exe_permissions, + $local_pki_init_script_name ); + } ## Populate instances (RA, TPS instances) 
@@ -3106,6 +3299,179 @@ sub process_pki_security_modules() return 1; } +# no args +# return 1 - success, or +# return 0 - failure +sub build_pki_registry_subsystem_path() +{ + my $result = 0; + + # Establish PKI subsystem-level registry + $pki_registry_subsystem_path = $pki_registry_path + . "/" . $subsystem_type; + + if( !directory_exists( "$pki_registry_subsystem_path" ) ) { + # create pki registry for this subsystem + $result = create_directory( "$pki_registry_subsystem_path" ); + if( !$result ) { + emit( "Failed to create directory " + . "$pki_registry_subsystem_path ...\n" ); + return 0; + } + } + + return 1; +} + +# no args +# return 1 - success, or +# return 0 - failure +sub construct_pki_instance_registry() +{ + my $result = 0; + + # generate a registry entry for this PKI instance + $pki_instance_registry = new FileHandle; + $pki_instance_registry_entry = $pki_registry_subsystem_path + . "/" . $pki_instance_name; + + # create this PKI instance's registry entry + $pki_instance_registry->open( ">$pki_instance_registry_entry" ) or + die "Could not open $pki_instance_registry_entry\n"; + + # publish the appropriate contents to this PKI instance's registry entry + if( $subsystem_type eq $CA || + $subsystem_type eq $KRA || + $subsystem_type eq $OCSP || + $subsystem_type eq $TKS ) { + $pki_instance_registry->print( "# Establish PKI Variable \"Slot\" " + . "Substitutions\n\n" ); + $pki_instance_registry->print( "PKI_FLAVOR=$pki_flavor\n" ); + $pki_instance_registry->print( "export PKI_FLAVOR\n\n" ); + $pki_instance_registry->print( "PKI_GROUP=$pki_group\n" ); + $pki_instance_registry->print( "export PKI_GROUP\n\n" ); + $pki_instance_registry->print( "PKI_INSTANCE_ID=$pki_instance_name\n" ); + $pki_instance_registry->print( "export PKI_INSTANCE_ID\n\n" ); + $pki_instance_registry->print( "PKI_INSTANCE_PATH=" + . "$pki_instance_path\n" ); + $pki_instance_registry->print( "export PKI_INSTANCE_PATH\n\n" ); + $pki_instance_registry->print( "PKI_SERVER_XML_CONF=" + . 
"$server_xml_instance_file_path\n" ); + $pki_instance_registry->print( "export PKI_SERVER_XML_CONF\n\n" ); + $pki_instance_registry->print( "PKI_SUBSYSTEM_TYPE=$subsystem_type\n" ); + $pki_instance_registry->print( "export PKI_SUBSYSTEM_TYPE\n\n" ); + $pki_instance_registry->print( "PKI_USER=$pki_user\n" ); + $pki_instance_registry->print( "export PKI_USER\n\n" ); + $pki_instance_registry->print( "# Use CATALINA_BASE\n\n" ); + $pki_instance_registry->print( "CATALINA_BASE=" + . "\${PKI_INSTANCE_PATH}\n" ); + $pki_instance_registry->print( "export CATALINA_BASE\n\n" ); + $pki_instance_registry->print( "# Get Tomcat config\n\n" ); + $pki_instance_registry->print( "TOMCAT_CFG=\"\${PKI_INSTANCE_PATH}/" + . "conf/tomcat5.conf\"\n" ); + $pki_instance_registry->print( "export TOMCAT_CFG\n\n" ); + $pki_instance_registry->print( "[ -r \"\$TOMCAT_CFG\" ] && " + . ". \"\${TOMCAT_CFG}\"\n\n" ); + $pki_instance_registry->print( "# Path to the tomcat launch script " + . "(direct don't use wrapper)\n" ); + $pki_instance_registry->print( "TOMCAT_SCRIPT=/usr/bin/" + . "dtomcat5-\${PKI_INSTANCE_ID}\n" ); + $pki_instance_registry->print( "export TOMCAT_SCRIPT\n\n" ); + $pki_instance_registry->print( "# Path to the script that will " + . "refresh jar symlinks on startup\n" ); + $pki_instance_registry->print( "if [ \${OS} = \"Linux\" ] ; then\n" ); + $pki_instance_registry->print( " TOMCAT_RELINK_SCRIPT=\"/usr/share/" + . "tomcat5/bin/relink\"\n" ); + $pki_instance_registry->print( " export TOMCAT_RELINK_SCRIPT\n" ); + $pki_instance_registry->print( "fi\n\n" ); + $pki_instance_registry->print( "# Tomcat name :)\n" ); + $pki_instance_registry->print( "TOMCAT_PROG=\${PKI_INSTANCE_ID}\n" ); + $pki_instance_registry->print( "export TOMCAT_PROG\n\n" ); + $pki_instance_registry->print( "# if TOMCAT_USER is not set, use " + . 
"tomcat5 like Apache HTTP server\n" ); + $pki_instance_registry->print( "if [ -z \"\$TOMCAT_USER\" ]; then\n" ); + $pki_instance_registry->print( " TOMCAT_USER=\"\${PKI_USER}\"\n" ); + $pki_instance_registry->print( " export TOMCAT_USER\n" ); + $pki_instance_registry->print( "fi\n\n" ); + $pki_instance_registry->print( "# if TOMCAT_GROUP is not set, use " + . "tomcat5 like Apache HTTP server\n" ); + $pki_instance_registry->print( "if [ -z \"\$TOMCAT_GROUP\" ]; then\n" ); + $pki_instance_registry->print( " TOMCAT_GROUP=\"\${PKI_GROUP}\"\n" ); + $pki_instance_registry->print( " export TOMCAT_GROUP\n" ); + $pki_instance_registry->print( "fi\n\n" ); + $pki_instance_registry->print( "# Since the daemon function will " + . "sandbox \$tomcat\n" ); + $pki_instance_registry->print( "# no environment stuff should be " + . "defined here anymore.\n" ); + $pki_instance_registry->print( "# Please use the " + . "\${PKI_INSTANCE_PATH}/conf/" + . "tomcat5.conf\n" ); + $pki_instance_registry->print( "# file instead ; it will be read by " + . "the \$tomcat script\n\n" ); + $pki_instance_registry->print( "PKI_LOCKDIR=" + . "\"/var/lock/$pki_flavor/" + . "$subsystem_type\"\n" ); + $pki_instance_registry->print( "export PKI_LOCKDIR\n" ); + $pki_instance_registry->print( "PKI_LOCKFILE=" + . "\"\${PKI_LOCKDIR}/" + . "\${PKI_INSTANCE_ID}.pid\"\n" ); + $pki_instance_registry->print( "export PKI_LOCKFILE\n" ); + $pki_instance_registry->print( "PKI_PIDFILE=" + . "\"\${PKI_INSTANCE_ID}.pid\"\n" ); + $pki_instance_registry->print( "export PKI_PIDFILE\n" ); + $pki_instance_registry->print( "pki_instance_configuration_file=" + . "\${PKI_INSTANCE_PATH}/conf/CS.cfg\n" ); + $pki_instance_registry->print( "export " + . "pki_instance_configuration_file\n\n" ); + $pki_instance_registry->print( "RESTART_SERVER=\${PKI_INSTANCE_PATH}/" + . "conf/" + . 
"restart_server_after_configuration\n" ); + $pki_instance_registry->print( "export RESTART_SERVER\n\n" ); +# } elsif( $subsystem_type eq $RA || +# $subsystem_type eq $TPS ) { + } + + # close and save this PKI instance's registry entry + $pki_instance_registry->close(); + + $result = give_file_to( $pki_instance_registry_entry, + $root_user, + $root_group ); + if( !$result ) { + emit( "$pki_instance_registry_entry ownership problems!", + "error" ); + return 0; + } + + chmod( $default_file_permissions, + $pki_instance_registry_entry ); + + push( @installed_files, + $pki_instance_registry_entry ); + + return 1; +} + +# no args +# return 1 - success, or +# return 0 - failure +sub register_pki_instance() +{ + my $result = 0; + + $result = build_pki_registry_subsystem_path(); + if( !$result ) { + return 0; + } + + $result = construct_pki_instance_registry(); + if( !$result ) { + return 0; + } + + return 1; +} + sub parse_selinux_ports() { open SM, '/usr/sbin/semanage port -l |grep tcp |sed \'s/tcp/___/g\'|sed \'s/\s//g\'|'; 
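Review bot: construct_pki_instance_registry writes a file of shell statements (it contains `if [ ... ]` and `. "${TOMCAT_CFG}"`), yet the interpolated values are emitted unquoted, e.g. `PKI_INSTANCE_ID=$pki_instance_name` and `PKI_INSTANCE_PATH=$pki_instance_path`. Presumably the init script sources this entry with root privileges, so a value containing whitespace or shell metacharacters would change what is executed; writing them single-quoted, as in `print( "PKI_INSTANCE_ID='$pki_instance_name'\n" )`, after rejecting values that contain a quote, keeps them as data. The generated test `if [ ${OS} = "Linux" ]` should quote `"${OS}"` as well, because an unset OS makes `[` fail with a syntax error instead of evaluating to false. The entry also sources `${PKI_INSTANCE_PATH}/conf/tomcat5.conf`; if that file is writable by the PKI user, its contents run with the privileges of whoever sources the registry entry, which deserves an ownership check or at least a comment stating the assumption.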
@@ -3233,13 +3599,17 @@ sub process_pki_selinux_setup() system("$restorecon -F -R /usr/bin/dtomcat5-$pki_instance_name"); } - # set file context for /etc/rc.d/init.d/$pki_instance_name" - if ($pki_instance_name ne $default_inst_name) { - &add_selinux_file_context($setype . "_script_exec_t", - "/etc/rc\\.d/init\\.d/$pki_instance_name", "f"); - } - emit("Restorecon file context for /etc/rc.d/init.d/$pki_instance_name\n"); - system("$restorecon -F -R /etc/rc.d/init.d/$pki_instance_name"); + # BEGIN Legacy Start/Stop Implementation + if( $subsystem_type ne $CA ) { + # set file context for /etc/rc.d/init.d/$pki_instance_name" + if ($pki_instance_name ne $default_inst_name) { + &add_selinux_file_context($setype . "_script_exec_t", + "/etc/rc\\.d/init\\.d/$pki_instance_name", "f"); + } + emit("Restorecon file context for /etc/rc.d/init.d/$pki_instance_name\n"); + system("$restorecon -F -R /etc/rc.d/init.d/$pki_instance_name"); + } + # END Legacy Start/Stop Implementation # set file context for $pki_instance_root/$pki_instance_name if (($pki_instance_name ne $default_inst_name) || ($pki_instance_root ne $default_inst_root)) { @@ -3370,6 +3740,18 @@ sub install_pki_instance() return 0; } + if( $subsystem_type eq $CA ) { + $result = register_pki_instance(); + if( !$result ) { + return 0; + } +# BEGIN Legacy Start/Stop Implementation +# } else { +# # Instance Registration ONLY applies +# # to the new Start/Stop Implementation +# END Legacy Start/Stop Implementation + } + if (($^O eq "linux") && ( is_Fedora() || (is_RHEL() && (! is_RHEL4())))){ $result = process_pki_selinux_setup(); if (!result ) { 
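Review bot: The re-indented `system("$restorecon -F -R /etc/rc.d/init.d/$pki_instance_name");` still hands one interpolated string to the shell, and the instance name comes from the command line of a tool meant to run as root. Unless the name is validated earlier (not visible in this hunk), shell metacharacters in it would be interpreted. The list form avoids the shell and lets the status be checked: `system( $restorecon, "-F", "-R", "/etc/rc.d/init.d/$pki_instance_name" ) == 0 or emit( "restorecon failed: $?\n", "error" );`. The same pattern applies to `system( "$command" )` in the `ASK_AGAIN` hunks of pkicreate and pkiremove, where `$pki_init_script_command` is built by concatenation and the exit status is discarded. process_pki_selinux_setup's body continues outside the hunk.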
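Review bot: The SELinux check right below the added registration block reads `if (!result ) {` with no sigil, while the new code correctly tests `!$result`. Without `use strict`, the bareword presumably evaluates as the true string "result", so that branch can never fire and a failed process_pki_selinux_setup() would go unnoticed; it should be `if( !$result ) {`. That line is context and predates this commit, but it sits directly beside the new check and is worth fixing in the same change. The commented-out `# } else {` stub inside the new block adds no behaviour and could be dropped. install_pki_instance's body continues outside the hunk.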
@@ -3469,6 +3851,20 @@ sub cleanup() } } + # If empty, remove the PKI subsystem-level registry + if( directory_exists( $pki_registry_subsystem_path ) ) { + if( is_directory_empty( $pki_registry_subsystem_path ) ) { + remove_directory( $pki_registry_subsystem_path ); + } + } + + # If empty, remove the PKI-level registry + if( directory_exists( $pki_registry_path ) ) { + if( is_directory_empty( $pki_registry_path ) ) { + remove_directory( $pki_registry_path ); + } + } + return; } 
@@ -3559,36 +3955,61 @@ ASK_AGAIN: exit 255; } - # Register this instance with "chkconfig" - if( $^O eq "linux" ) { - my $runlevel = $DEFAULT_RUNLEVEL; - my $start_priority = $DEFAULT_START_PRIORITY; - my $stop_priority = $DEFAULT_STOP_PRIORITY; + # BEGIN Legacy Start/Stop Implementation + if( $subsystem_type ne $CA ) { + # Register this instance with "chkconfig" + if( $^O eq "linux" ) { + my $runlevel = $DEFAULT_RUNLEVEL; + my $start_priority = $DEFAULT_START_PRIORITY; + my $stop_priority = $DEFAULT_STOP_PRIORITY; - # Extract "chkconfig" parameters from instance start/stop script - ( $runlevel, $start_priority, $stop_priority ) = - extract_chkconfig_parameters_from_start_stop_script( - $pki_start_stop_script_instance_file_path ); - emit( "Setting '$pki_instance_name' runlevel " - . "to '$runlevel'\n" ); - emit( "Setting '$pki_instance_name' start priority " - . "to '$start_priority'\n" ); - emit( "Setting '$pki_instance_name' stop priority " - . "to '$stop_priority'\n" ); + # Extract "chkconfig" parameters from instance start/stop script + ( $runlevel, $start_priority, $stop_priority ) = + extract_chkconfig_parameters_from_start_stop_script( + $pki_start_stop_script_instance_file_path ); + emit( "Setting '$pki_instance_name' runlevel " + . "to '$runlevel'\n" ); + emit( "Setting '$pki_instance_name' start priority " + . "to '$start_priority'\n" ); + emit( "Setting '$pki_instance_name' stop priority " + . "to '$stop_priority'\n" ); - # Register this instance with '/sbin/chkconfig' - register_pki_instance_with_chkconfig( $pki_instance_name ); + # Register this instance with '/sbin/chkconfig' + register_pki_instance_with_chkconfig( $pki_instance_name ); + } } + # END Legacy Start/Stop Implementation # Activate this instance if( $^O eq "linux" ) { - $pki_start_stop_command = "/sbin/service" . " " . $pki_instance_name; + if( $subsystem_type ne $CA ) { + # BEGIN Legacy Start/Stop Implementation + $pki_init_script_command = "/sbin/service" + . " " . $pki_instance_name + . 
" " . "restart"; + # END Legacy Start/Stop Implementation + } else { + $pki_init_script_command = "/sbin/service" + . " " . $pki_init_script + . " " . "restart" + . " " . $pki_instance_name; + } } else { # default case: e. g. - ( $^O eq "solaris" ) - $pki_start_stop_command = $pki_start_stop_script_instance_file_path; + if( $subsystem_type ne $CA ) { + # BEGIN Legacy Start/Stop Implementation + $pki_init_script_command = $pki_start_stop_script_instance_file_path + . " " . "restart"; + # END Legacy Start/Stop Implementation + } else { + $pki_init_script_command = $default_init_scripts_path + . "/" . $pki_init_script + . " " . "restart" + . " " . $pki_instance_name; + } } - $command = "$pki_start_stop_command start"; + $command = "$pki_init_script_command"; system( "$command" ); @@ -3641,11 +4062,9 @@ ASK_AGAIN: print( STDOUT "After configuration, the server can be operated by the command:\n\n" - . " $pki_start_stop_command " - . "start | stop | restart\n\n" ); + . " $pki_init_script_command\n\n" ); emit( "After configuration, the server can be operated by the command:\n" - . "$pki_start_stop_command " - . "start | stop | restart\n", + . "$pki_init_script_command\n", "log" ); # If it exists, close the log file diff --git a/pki/base/setup/pkiremove b/pki/base/setup/pkiremove index 74393cc2c..206716cd7 100755 --- a/pki/base/setup/pkiremove +++ b/pki/base/setup/pkiremove 
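Review bot: The closing message now prints `$pki_init_script_command` verbatim, and after the preceding hunk that variable already ends in `restart` (followed by the instance name for CA), so the operator is no longer told that `start` and `stop` exist. Keeping the verb out of the stored command would preserve the old guidance: hold the command without its action, append `restart` only for the `system()` call, and print the `start | stop | restart` choice in the message, placed before the instance name for the CA form. The same text is written to the log through `emit`, so both strings need the change.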
@@ -155,16 +155,40 @@ my $force = 0; my $pki_instance_path = ""; my $subsystem_type = ""; +# PKI init script variables +my $default_init_scripts_path = ""; +my $pki_init_script = ""; +my $pki_init_script_command = ""; + +# PKI registry variables +my $default_registry_path = ""; +my $pki_registry_path = ""; +my $pki_registry_subsystem_path = ""; ############################################################## # Platform-Dependent Data Initialization ############################################################## +if( $^O eq "linux" ) { + $default_init_scripts_path = "/etc/rc\\.d/init\\.d"; + $default_registry_path = "/etc/sysconfig"; +} elsif( $^O eq "solaris" ) { + $default_init_scripts_path = "/etc/init\\.d"; + $default_registry_path = "/etc/inet"; +} else { + print( STDERR + "ERROR: Unsupported platform '$^O'!\n" ); + print( STDOUT "\n" ); + exit 255; +} ############################################################## # Local Data Initialization ############################################################## +# Establish PKI-level registry +$pki_registry_path = $default_registry_path + . "/" . $pki_flavor; ############################################################## # PKI Instance Removal Subroutines @@ -196,7 +220,7 @@ sub usage() print( STDOUT "Example: pkiremove -pki_instance_root=/var/lib " - . "-pki_instance_name=$pki_flavor-ca1\n\n " ); + . "-pki_instance_name=pki-ca\n\n " ); print( STDOUT "IMPORTANT: Must be run as root!\n\n" ); 
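Review bot: `$default_init_scripts_path` is set to `"/etc/rc\\.d/init\\.d"`, which in a double-quoted Perl string is the literal text `/etc/rc\.d/init\.d`, a regex-escaped SELinux file-context pattern rather than a filesystem path. Later hunks in this file pass `"$default_init_scripts_path/$pki_instance_name"` to `entity_exists()` in remove_selinux_fcontexts() and remove_instance(). If that helper tests the path directly, the legacy branch would never be taken, so an old-style instance would be neither stopped through its own script nor de-registered from chkconfig. Use the plain path for existence checks and command construction, `$default_init_scripts_path = "/etc/rc.d/init.d";` (and `"/etc/init.d"` on Solaris), and keep the escaped form only where a file-context pattern is required.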
@@ -377,10 +401,14 @@ sub remove_selinux_fcontexts() "/usr/bin/dtomcat5-$pki_instance_name", "f"); } - # remove context for /etc/rc.d/init.d/$pki_instance_name - if ($pki_instance_name ne $default_inst_name) { - &remove_fcontext($setype . "_script_exec_t", - "/etc/rc\\.d/init\\.d/$pki_instance_name", "f"); + # For backwards compatibility, support removal of instances + # which use the legacy start/stop implementation + if( entity_exists( "$default_init_scripts_path/$pki_instance_name" ) ) { + # remove context for "$default_init_scripts_path/$pki_instance_name" + if( $pki_instance_name ne $default_inst_name ) { + &remove_fcontext( $setype . "_script_exec_t", + "/etc/rc\\.d/init\\.d/$pki_instance_name", "f" ); + } } # remove context for $pki_instance_root/$pki_instance_name @@ -508,10 +536,12 @@ sub remove_instance() . "/" . $saved_cleanup_file_name; my @files; my @directories; - my $pki_start_stop_command = ""; - my $pki_start_stop_script_instance_file_path = ""; my $confirm = "Y"; + # For backwards compatibility, support removal of instances + # which use the legacy start/stop implementation + my $pki_start_stop_script_instance_file_path = ""; + ASK_AGAIN: if( !$force ) { $confirm = prompt( "You have elected to remove the instance " @@ -570,8 +600,12 @@ ASK_AGAIN: @file_split = split( '/', $line ); my $last = @file_split; - if( $file_split[$last -1] eq $pki_instance_name ) { - $pki_start_stop_script_instance_file_path = $line; + # For backwards compatibility, support removal of instances + # which use the legacy start/stop implementation + if( entity_exists( "$default_init_scripts_path/$pki_instance_name" ) ) { + if( $file_split[$last -1] eq $pki_instance_name ) { + $pki_start_stop_script_instance_file_path = $line; + } } } 
@@ -582,31 +616,75 @@ ASK_AGAIN: $cleanup->close(); - if( $pki_start_stop_script_instance_file_path eq "" ) { - print( STDERR - "ERROR: Can't locate start script of " - . "instance to be cleaned up!\n" ); - return $result; + # For backwards compatibility, support removal of instances + # which use the legacy start/stop implementation + if( entity_exists( "$default_init_scripts_path/$pki_instance_name" ) ) { + if( $pki_start_stop_script_instance_file_path eq "" ) { + print( STDERR + "ERROR: Can't locate start script of " + . "instance to be cleaned up!\n" ); + return $result; + } } # De-register this instance with "chkconfig" if( $^O eq "linux" ) { - # De-register this instance with '/sbin/chkconfig' - print( STDOUT "\n" ); - print( STDOUT - "De-registering '$pki_instance_name' from " - . "'/sbin/chkconfig'.\n" ); - deregister_pki_instance_with_chkconfig( $pki_instance_name ); + # For backwards compatibility, support removal of instances + # which use the legacy start/stop implementation + if( entity_exists( "$default_init_scripts_path/$pki_instance_name" ) ) { + # De-register this instance with '/sbin/chkconfig' + print( STDOUT "\n" ); + print( STDOUT + "De-registering '$pki_instance_name' from " + . "'/sbin/chkconfig'.\n" ); + deregister_pki_instance_with_chkconfig( $pki_instance_name ); + } } + if( $subsystem_type eq $CA ) { + $pki_init_script = $CA_INIT_SCRIPT; + } elsif( $subsystem_type eq $KRA ) { + $pki_init_script = $KRA_INIT_SCRIPT; + } elsif( $subsystem_type eq $OCSP ) { + $pki_init_script = $OCSP_INIT_SCRIPT; + } elsif( $subsystem_type eq $RA ) { + $pki_init_script = $RA_INIT_SCRIPT; + } elsif( $subsystem_type eq $TKS ) { + $pki_init_script = $TKS_INIT_SCRIPT; + } elsif( $subsystem_type eq $TPS ) { + $pki_init_script = $TPS_INIT_SCRIPT; + } + + # Shutdown this instance if( $^O eq "linux" ) { - $pki_start_stop_command = "/sbin/service" . " " . 
$pki_instance_name; + if( entity_exists( "$default_init_scripts_path/$pki_instance_name" ) ) { + # For backwards compatibility, support removal of instances + # which use the legacy start/stop implementation + $pki_init_script_command = "/sbin/service" + . " " . $pki_instance_name + . " " . "stop"; + } else { + $pki_init_script_command = "/sbin/service" + . " " . $pki_init_script + . " " . "stop" + . " " . $pki_instance_name; + } } else { # default case: e. g. - ( $^O eq "solaris" ) - $pki_start_stop_command = $pki_start_stop_script_instance_file_path; + if( entity_exists( "$default_init_scripts_path/$pki_instance_name" ) ) { + # For backwards compatibility, support removal of instances + # which use the legacy start/stop implementation + $pki_init_script_command = $pki_start_stop_script_instance_file_path + . " " . "stop"; + } else { + $pki_init_script_command = $default_init_scripts_path + . "/" . $pki_init_script + . " " . "stop" + . " " . $pki_instance_name; + } } - $command = "$pki_start_stop_command stop"; + $command = "$pki_init_script_command"; system( "$command" ); @@ -721,6 +799,24 @@ sub main() exit 255; } + # Establish PKI subsystem-level registry + $pki_registry_subsystem_path = $pki_registry_path + . "/" . $subsystem_type; + + # If empty, remove the PKI subsystem-level registry + if( directory_exists( $pki_registry_subsystem_path ) ) { + if( is_directory_empty( $pki_registry_subsystem_path ) ) { + remove_directory( $pki_registry_subsystem_path ); + } + } + + # If empty, remove the PKI-level registry + if( directory_exists( $pki_registry_path ) ) { + if( is_directory_empty( $pki_registry_path ) ) { + remove_directory( $pki_registry_path ); + } + } + return $result; } diff --git a/pki/base/silent/LICENSE b/pki/base/silent/LICENSE index e36f2269a..e281f4362 100644 --- a/pki/base/silent/LICENSE +++ b/pki/base/silent/LICENSE 
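Review bot: The `if`/`elsif` chain that selects `$pki_init_script` has no final `else`, so an unrecognised `$subsystem_type` leaves it empty and the non-legacy branch builds a `/sbin/service` command with no script name before `stop`. Unless the type is validated before remove_instance() runs (not visible here), add a terminating branch such as `} else { print( STDERR "ERROR: Unknown subsystem type '$subsystem_type'!\n" ); return $result; }`. The `entity_exists( "$default_init_scripts_path/$pki_instance_name" )` test is also repeated several times with the same argument; evaluating it once into a local flag would make the legacy-versus-new decision in one place. remove_instance's body starts and ends outside the hunk.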
@@ -11,26 +11,6 @@ You should have received a copy of the GNU General Public License along with this Program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. -In addition, as a special exception, Red Hat, Inc. gives You the additional -right to link the code of this Program with code not covered under the GNU -General Public License ("Non-GPL Code") and to distribute linked combinations -including the two, subject to the limitations in this paragraph. Non-GPL -Code permitted under this exception must only link to the code of this -Program through those well defined interfaces identified in the file named -EXCEPTION found in the source code files (the "Approved Interfaces"). - -The files of Non-GPL Code may instantiate templates or use macros or inline -functions from the Approved Interfaces without causing the resulting work to -be covered by the GNU General Public License. Only Red Hat, Inc. may make -changes or additions to the list of Approved Interfaces. You must obey the -GNU General Public License in all respects for all of the Program code and -other code used in conjunction with the Program except the Non-GPL Code -covered by this exception. If you modify this file, you may extend this -exception to your version of the file, but you are not obligated to do so. -If you do not wish to provide this exception without modification, you must -delete this exception statement from your version and license this file -solely under the GPL without exception. - GNU GENERAL PUBLIC LICENSE Version 2, June 1991 diff --git a/pki/base/silent/templates/subca_silent.template b/pki/base/silent/templates/subca_silent.template index 06b930ef8..b37551099 100755 --- a/pki/base/silent/templates/subca_silent.template +++ b/pki/base/silent/templates/subca_silent.template 
@@ -139,7 +139,7 @@ pki_host=`hostname` ca_subsystem_name="Certificate\ Authority" ## PKI Subsystem Instance Names -subca_instance_name="pki-ca1" +subca_instance_name="pki-subca" ## ## NOTE: Default PKI Instance Ports @@ -158,7 +158,7 @@ subca_instance_name="pki-ca1" ## semanage port -l | grep pki ## ## pki_ca_port_t tcp 9180, 9701, 9443, 9444, 9445 -## pki_ca1_port_t tcp 9580, 9801, 9543, 9544, 9545 +## pki_subca_port_t tcp 9580, 9801, 9543, 9544, 9545 ## ## CA ports -- cgit