From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001 From: mharmsen Date: Tue, 4 Oct 2011 01:17:41 +0000 Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1 git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b --- pki/dogtag/scripts/remove_default_pki_instances | 115 ++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100755 pki/dogtag/scripts/remove_default_pki_instances (limited to 'pki/dogtag/scripts/remove_default_pki_instances') diff --git a/pki/dogtag/scripts/remove_default_pki_instances b/pki/dogtag/scripts/remove_default_pki_instances new file mode 100755 index 000000000..3ec355f1f --- /dev/null +++ b/pki/dogtag/scripts/remove_default_pki_instances @@ -0,0 +1,115 @@ +#!/bin/bash +## BEGIN COPYRIGHT BLOCK +## (C) 2008 Red Hat, Inc. +## All rights reserved. +## END COPYRIGHT BLOCK + +## Always switch into this base directory +## prior to script execution so that all +## of its output is written to this directory + +cd `dirname $0` + + +## +## This script MUST be run as root! +## + +ROOTUID=0 + +OS=`uname` +if [ "${OS}" = "Linux" ] ; then + MY_EUID=`/usr/bin/id -u` + MY_UID=`/usr/bin/id -ur` + USERNAME=`/usr/bin/id -un` +else + printf "ERROR: Unsupported operating system '${OS}'!\n" + exit 255 +fi + +if [ "${MY_UID}" != "${ROOTUID}" ] && + [ "${MY_EUID}" != "${ROOTUID}" ] ; then + printf "ERROR: The '$0' script must be run as root!\n" + exit 255 +fi + + + +## +## Define DEFAULT PKI Instances +## + +PKI_DIR="/var/lib" + +PKI_CA="pki-ca" +PKI_DRM="pki-kra" +PKI_OCSP="pki-ocsp" +PKI_TKS="pki-tks" +PKI_RA="pki-ra" +PKI_TPS="pki-tps" + +## +## NOTE: Always remove "${PKI_CA}" last, as it will most +## likely host the default Security Domain! +## +PKI_INSTANCES="${PKI_TPS} ${PKI_RA} ${PKI_TKS} ${PKI_OCSP} ${PKI_DRM} ${PKI_CA}" + + + +## +## Ask user if is is okay to remove ALL DEFAULT PKI instances +## + +printf "REMINDER: PKI instances contain user's PKI data, and consist of\n" +printf " DEFAULT PKI instances and CUSTOMIZED PKI instances.\n\n" +printf " DEFAULT PKI instances are automatically created whenever\n" +printf " one of the PKI subsystems are installed UNLESS that\n" +printf " particular PKI subsystem's DEFAULT PKI instance\n" +printf " already exists.\n\n" +printf " DEFAULT PKI instances consist of the following:\n\n" +printf " CA - ${PKI_DIR}/${PKI_CA}\n" +printf " DRM - ${PKI_DIR}/${PKI_DRM}\n" +printf " OCSP - ${PKI_DIR}/${PKI_OCSP}\n" +printf " RA - ${PKI_DIR}/${PKI_RA}\n" +printf " TKS - ${PKI_DIR}/${PKI_TKS}\n" +printf " TPS - ${PKI_DIR}/${PKI_TPS}\n\n" +while : +do + printf "This script REMOVES ALL DEFAULT PKI instances! " + printf "Is this okay? [yn] " + read ANSWER + printf "\n" + if [ "${ANSWER}" = "Y" ] || + [ "${ANSWER}" = "y" ] ; then + printf "\n" + break + elif [ "${ANSWER}" = "N" ] || + [ "${ANSWER}" = "n" ] ; then + printf "\n" + printf "No DEFAULT PKI instances will be removed.\n\n" + exit 255 + else + continue + fi +done + + + +## +## Remove ALL DEFAULT PKI Instances present . . . +## + +INSTANCES=0 +for INSTANCE in ${PKI_INSTANCES} ; do + if [ -d "${PKI_DIR}/${INSTANCE}" ] ; then + INSTANCES=`expr $INSTANCES + 1` + pkiremove -pki_instance_root=${PKI_DIR} -pki_instance_name=${INSTANCE} -force + fi +done + +if [ ${INSTANCES} -eq 0 ] ; then + printf "No DEFAULT PKI instances need to be removed.\n\n" +fi + +exit 0 + -- cgit