freeipa.git/install/restart_scripts/stop_pkicad, branch AD-binds FreeIPA patches Make certificate renewal process synchronized 2015-01-13T18:34:59+00:00 Jan Cholasta jcholast@redhat.com 2015-01-08T09:06:46+00:00 b9ae7690489368ead9f4983d386fa210dc265dfa Synchronization is achieved using a global renewal lock. https://fedorahosted.org/freeipa/ticket/4803 Reviewed-By: David Kupka <dkupka@redhat.com> 
Synchronization is achieved using a global renewal lock.

https://fedorahosted.org/freeipa/ticket/4803

Reviewed-By: David Kupka <dkupka@redhat.com>
ipaplatform: Remove redundant imports of ipaservices 2014-06-16T17:48:20+00:00 Tomas Babej tbabej@redhat.com 2014-05-29T08:51:08+00:00 c7edd7b68c98d105f02a5977a0ff7c2a3081f2c9 Also fixes few incorrect imports. https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com> 
Also fixes few incorrect imports.

https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
ipaplatform: Change service code in freeipa to use ipaplatform services 2014-06-16T17:48:19+00:00 Tomas Babej tbabej@redhat.com 2014-05-29T08:37:18+00:00 49fcd42f8fd71b894a0953a37f10a6c326e16048 https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Log unhandled exceptions in certificate renewal scripts. 2014-03-10T17:41:10+00:00 Jan Cholasta jcholast@redhat.com 2014-01-23T14:33:26+00:00 8e986904096925fc08df8cbdf271d722314c5460 https://fedorahosted.org/freeipa/ticket/4093 Reviewed-By: Petr Viktorin <pviktori@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4093

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Revert restart scripts file permissions change 2014-01-08T08:54:53+00:00 Martin Kosek mkosek@redhat.com 2014-01-08T08:52:08+00:00 554d43d6891990fc6088ba6901ce78ff318290f0 Previous commit accidentally added executable permission to restart_pkicad and stop_pkicad. 
Previous commit accidentally added executable permission to
restart_pkicad and stop_pkicad.
PKI service restart after CA renewal failed 2014-01-08T08:47:23+00:00 Jan Cholasta jcholast@redhat.com 2013-10-15T17:47:12+00:00 911f5e9eb76099f8e5cfcff1232c1b10ad05b45a Fix both the service restart procedure and registration of old pki-cad well known service name. This patch was adapted from original patch of Jan Cholasta 178 to fix ticket 4092. https://fedorahosted.org/freeipa/ticket/4092 
Fix both the service restart procedure and registration of old
pki-cad well known service name.

This patch was adapted from original patch of Jan Cholasta 178 to
fix ticket 4092.

https://fedorahosted.org/freeipa/ticket/4092
Use /usr/bin/python2 2014-01-03T08:46:05+00:00 Xiao-Long Chen chenxiaolong@cxl.epac.to 2013-11-27T13:53:57+00:00 5e96fbc22afa02f08f71513e7b59d3d5c6a1f9dc Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2 https://fedorahosted.org/freeipa/ticket/3438 Updated by pviktori@redhat.com 
Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.

FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2

https://fedorahosted.org/freeipa/ticket/3438

Updated by pviktori@redhat.com
Do actually stop pki_cad in stop_pkicad instead of starting it. 2013-04-09T14:22:23+00:00 Jan Cholasta jcholast@redhat.com 2013-04-09T13:49:15+00:00 3f053437c979e13b22e3e5cac194d24dc9afcddf https://fedorahosted.org/freeipa/ticket/3554 
https://fedorahosted.org/freeipa/ticket/3554
Use new certmonger locking to prevent NSS database corruption. 2013-01-29T16:16:38+00:00 Rob Crittenden rcritten@redhat.com 2014-12-02T18:18:36+00:00 045b6e6ed995b4c1e5dab8dbcdf1af4896b52d19 dogtag opens its NSS database in read/write mode so we need to be very careful during renewal that we don't also open it up read/write. We basically need to serialize access to the database. certmonger does the majority of this work via internal locking from the point where it generates a new key/submits a rewewal through the pre_save and releases the lock after the post_save command. This lock is held per NSS database so we're save from certmonger. dogtag needs to be shutdown in the pre_save state so certmonger can safely add the certificate and we can manipulate trust in the post_save command. Fix a number of bugs in renewal. The CA wasn't actually being restarted at all due to a naming change upstream. In python we need to reference services using python-ish names but the service is pki-cad. We need a translation for non-Fedora systems as well. Update the CA ou=People entry when he CA subsystem certificate is renewed. This certificate is used as an identity certificate to bind to the DS instance. https://fedorahosted.org/freeipa/ticket/3292 https://fedorahosted.org/freeipa/ticket/3322 
dogtag opens its NSS database in read/write mode so we need to be very
careful during renewal that we don't also open it up read/write. We
basically need to serialize access to the database. certmonger does the
majority of this work via internal locking from the point where it generates
a new key/submits a rewewal through the pre_save and releases the lock after
the post_save command. This lock is held per NSS database so we're save
from certmonger. dogtag needs to be shutdown in the pre_save state so
certmonger can safely add the certificate and we can manipulate trust
in the post_save command.

Fix a number of bugs in renewal. The CA wasn't actually being restarted
at all due to a naming change upstream. In python we need to reference
services using python-ish names but the service is pki-cad. We need a
translation for non-Fedora systems as well.

Update the CA ou=People entry when he CA subsystem certificate is
renewed. This certificate is used as an identity certificate to bind
to the DS instance.

https://fedorahosted.org/freeipa/ticket/3292
https://fedorahosted.org/freeipa/ticket/3322