authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-06-09 02:14:47 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-06-09 02:14:47 +0000
commitce842117d0e57ef7ef31c4e54fd955fab25b80d9 (patch)
treec39375dae59a8fa82a5438638e29325a5afc5ae5 /pki/base
parentfee1581f2f47074cac4ab0641ffc078df242d58c (diff)
Bugzilla Bug #501081 - remove mod_revocator rpm as a dependency.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@568 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base')
-rwxr-xr-xpki/base/manage/pki-install2
-rwxr-xr-xpki/base/manage/pki-uninstall2
-rw-r--r--pki/base/ra/apache/conf/httpd.conf4
-rw-r--r--pki/base/ra/apache/conf/revocator.conf19
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/DonePanel.pm38
-rwxr-xr-xpki/base/setup/pkicreate46
-rw-r--r--pki/base/tps/Makefile.am1
-rw-r--r--pki/base/tps/Makefile.in1
-rw-r--r--pki/base/tps/apache/conf/httpd.conf4
-rw-r--r--pki/base/tps/apache/conf/revocator.conf19
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/DonePanel.pm38
11 files changed, 0 insertions, 174 deletions
diff --git a/pki/base/manage/pki-install b/pki/base/manage/pki-install
index 25b28b9d..ac1490a9 100755
--- a/pki/base/manage/pki-install
+++ b/pki/base/manage/pki-install
@@ -321,7 +321,6 @@ if( $^O eq "linux" ) {
);
@pki_fortitude_packages = (
"$pki_prefix" . "fortitude-mod_nss" . "$pki_suffix",
- "$pki_prefix" . "fortitude-mod_revocator" . "$pki_suffix",
"$pki_prefix" . "fortitude-web" . "$pki_suffix"
);
@ca_fortitude_packages = ();
@@ -639,7 +638,6 @@ if( $^O eq "linux" ) {
);
@pki_fortitude_packages = (
"$pki_prefix" . "fortitude-mod-nss" . "$pki_suffix",
- "$pki_prefix" . "fortitude-mod-revocator" . "$pki_suffix",
"$pki_prefix" . "fortitude-web" . "$pki_suffix"
);
@ca_fortitude_packages = ();
diff --git a/pki/base/manage/pki-uninstall b/pki/base/manage/pki-uninstall
index 1d27cfd2..7c1fb85a 100755
--- a/pki/base/manage/pki-uninstall
+++ b/pki/base/manage/pki-uninstall
@@ -441,7 +441,6 @@ if( $^O eq "linux" ) {
# [6] PKI Fortitude Packages
@pki_fortitude_packages = (
"$pki_prefix" . "fortitude-web" . "$pki_suffix",
- "$pki_prefix" . "fortitude-mod_revocator" . "$pki_suffix",
"$pki_prefix" . "fortitude-mod_nss" . "$pki_suffix"
);
@pki_fortitude_mozldap_packages = (
@@ -731,7 +730,6 @@ if( $^O eq "linux" ) {
# [6] PKI Fortitude Packages
@pki_fortitude_packages = (
"$pki_prefix" . "fortitude-web" . "$pki_suffix",
- "$pki_prefix" . "fortitude-mod-revocator" . "$pki_suffix",
"$pki_prefix" . "fortitude-mod-nss" . "$pki_suffix"
);
@pki_fortitude_mozldap_packages = (
diff --git a/pki/base/ra/apache/conf/httpd.conf b/pki/base/ra/apache/conf/httpd.conf
index 6dcebf33..b3e36d27 100644
--- a/pki/base/ra/apache/conf/httpd.conf
+++ b/pki/base/ra/apache/conf/httpd.conf
@@ -254,8 +254,6 @@ LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so
LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so
# Required module for commands in nss.conf:
[FORTITUDE_NSS_MODULES]
-# Required module for commands in revocator.conf:
-[FORTITUDE_REVOCATOR_MODULES]
<Location /nk_service>
SetHandler nk_service
@@ -1040,8 +1038,6 @@ BrowserMatch "^gnome-vfs" redirect-carefully
#</IfModule>
Include [SERVER_ROOT]/conf/nss.conf
-Include [SERVER_ROOT]/conf/revocator.conf
-
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
diff --git a/pki/base/ra/apache/conf/revocator.conf b/pki/base/ra/apache/conf/revocator.conf
deleted file mode 100644
index 904b7f83..00000000
--- a/pki/base/ra/apache/conf/revocator.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# CRL Engine Switch:
-# Enable/Disable CRL retrieval
-
-CRLEngine off
-
-# CRL Age Check Switch:
-# Shut the server down if a CRL expires
-CRLAgeCheck off
-
-# CRL Update Critical Switch:
-# Shut the server down if a CRL cannot be retrieved
-CRLUpdateCritical off
-
-# CRL URLs:
-# A space delimited list of URLs to retrieve and install.
-# protocol://urldata;update_interval;max_age
-#CRLFile "ldap://ldap.example.com:5000/o=example.net?usercertificate%3binary?sub?(sn=Jensen)??;30;30"
-#CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:3389/o=example.com?userCertificate%3bbinary?sub?(uid=crl)??;30;30"
-#CRLFile "https://ca.example.com:1025/getCRL?op=getCRL&issuepoint=MasterCRL;30;30"
diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
index 87d8bd8c..f5e86fc6 100755
--- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
@@ -333,44 +333,6 @@ sub display
system( "rm $instDir/conf/nss.conf.tmp" );
}
- # Rewrite "revocator.conf", activating the CRLEngine, and appending
- # the security domain getCRL URL to end of the file
- open( TMP_REVOCATOR_CONF, ">$instDir/conf/revocator.conf.tmp" );
- system( "chmod 00660 $instDir/conf/revocator.conf.tmp" );
- open( REVOCATOR_CONF, "<$instDir/conf/revocator.conf" );
- while( <REVOCATOR_CONF> ) {
- if( /^CRLEngine/ ) {
- # Bugzilla Bug #493122: Activate CRLEngine on RHEL,
- # but NOT on Fedora!
- if( -e "/etc/fedora-release" ) {
- print TMP_REVOCATOR_CONF "CRLEngine off\n";
- } else {
- # Bugzilla Bug #498528 Disable mod_revocator on RHEL
- # since it will no longer work
- # with the updated mod_nss which
- # is required for HSMs
- print TMP_REVOCATOR_CONF "CRLEngine off\n";
- }
- } else {
- print TMP_REVOCATOR_CONF $_;
- }
- }
- # Append security domain getCRL URL to end of "revocator.conf.tmp"
- print TMP_REVOCATOR_CONF "CRLFile \"" . $sdom
- . "/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;60;60\"\n";
- close( REVOCATOR_CONF );
- close( TMP_REVOCATOR_CONF );
-
- # Create a copy of the original file which
- # preserves the original file permissions
- system( "cp -p $instDir/conf/revocator.conf.tmp "
- . "$instDir/conf/revocator.conf" );
-
- # Remove the original file only if the backup copy was successful
- if( -e "$instDir/conf/revocator.conf" ) {
- system( "rm $instDir/conf/revocator.conf.tmp" );
- }
-
&PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain");
my $machineName = $::config->get("service.machineName");
diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate
index 741bf15a..23c33eaa 100755
--- a/pki/base/setup/pkicreate
+++ b/pki/base/setup/pkicreate
@@ -262,7 +262,6 @@ my $noise_base_name = "noise"; # CA, KRA, OCSP, TKS,
# RA, TPS
my $nss_conf_base_name = "nss.conf"; # RA, TPS
my $perl_conf_base_name = "perl.conf"; # RA, TPS
-my $revocator_conf_base_name = "revocator.conf"; # RA, TPS
my $osutil_jar_base_name = "osutil.jar"; # CA, KRA, OCSP, TKS
my $password_conf_base_name = "password.conf"; # CA, KRA, OCSP, TKS,
# RA, TPS
@@ -315,7 +314,6 @@ my $NSS_CONF = "NSS_CONF";
my $OBJ_EXT = "OBJ_EXT";
my $PORT = "PORT";
my $PROCESS_ID = "PROCESS_ID";
-my $REVOCATOR_CONF = "REVOCATOR_CONF";
my $SECURE_PORT = "SECURE_PORT";
my $NON_CLIENTAUTH_SECURE_PORT = "NON_CLIENTAUTH_SECURE_PORT";
my $SECURITY_LIBRARIES = "SECURITY_LIBRARIES";
@@ -333,7 +331,6 @@ my $FORTITUDE_MODULE = "FORTITUDE_MODULE";
my $FORTITUDE_LIB_DIR = "FORTITUDE_LIB_DIR";
my $FORTITUDE_AUTH_MODULES = "FORTITUDE_AUTH_MODULES";
my $FORTITUDE_NSS_MODULES = "FORTITUDE_NSS_MODULES";
-my $FORTITUDE_REVOCATOR_MODULES = "FORTITUDE_REVOCATOR_MODULES";
# Template slot constants (CA, KRA, OCSP, TKS)
my $INSTALL_TIME = "INSTALL_TIME";
@@ -528,8 +525,6 @@ my $nss_conf_instance_file_path = ""; # RA, TPS
my $nss_conf_subsystem_file_path = ""; # RA, TPS
my $perl_conf_instance_file_path = ""; # RA, TPS
my $perl_conf_subsystem_file_path = ""; # RA, TPS
-my $revocator_conf_instance_file_path = ""; # RA, TPS
-my $revocator_conf_subsystem_file_path = ""; # RA, TPS
my $osutil_jar_file_path = ""; # CA, KRA, OCSP, TKS
my $osutil_jar_symlink_path = ""; # CA, KRA, OCSP, TKS
my $password_conf_instance_file_path = ""; # CA, KRA, OCSP, TKS,
@@ -1593,9 +1588,6 @@ sub initialize_subdirectory_paths()
. "/" . $nss_conf_base_name;
$perl_conf_subsystem_file_path = $conf_subsystem_path
. "/" . $perl_conf_base_name;
- $revocator_conf_subsystem_file_path = $conf_subsystem_path
- . "/"
- . $revocator_conf_base_name;
$perl_instance_symlink_path = $lib_instance_path
. "/"
. $perl_base_instance_symlink;
@@ -1753,9 +1745,6 @@ sub process_pki_directories()
. "/" . $perl_conf_base_name;
$pwcache_conf_instance_file_path = $conf_instance_path
. "/" . $pwcache_conf_base_name;
- $revocator_conf_instance_file_path = "$conf_instance_path"
- . "/"
- . $revocator_conf_base_name;
# create instance directory
$result = create_directory( $conf_instance_path );
@@ -1826,9 +1815,6 @@ sub process_pki_directories()
. "/" . $perl_conf_base_name;
$pwcache_conf_instance_file_path = $redirected_conf_path
. "/" . $pwcache_conf_base_name;
- $revocator_conf_instance_file_path = "$redirected_conf_path"
- . "/"
- . $revocator_conf_base_name;
# create redirected instance directory
$result = create_directory( $redirected_conf_path );
@@ -2256,7 +2242,6 @@ sub process_pki_templates()
$slot_hash{$PROCESS_ID} = $$;
$slot_hash{$SECURE_PORT} = $secure_port;
$slot_hash{$NON_CLIENTAUTH_SECURE_PORT} = $non_clientauth_secure_port;
- $slot_hash{$REVOCATOR_CONF} = $revocator_conf_instance_file_path;
$slot_hash{$SECURITY_LIBRARIES} = $default_security_libraries;
$slot_hash{$SERVER_NAME} = $host;
$slot_hash{$SERVER_ROOT} = $pki_instance_path;
@@ -2285,10 +2270,6 @@ LoadModule authz_host_module /etc/httpd/modules/mod_authz_host.so
"
LoadModule nss_module /etc/httpd/modules/libmodnss.so
";
- $slot_hash{$FORTITUDE_REVOCATOR_MODULES} =
-"
-LoadModule rev_module /etc/httpd/modules/mod_rev.so
-";
}
else {
$slot_hash{$FORTITUDE_APACHE} = "Apache";
@@ -2304,10 +2285,6 @@ LoadModule access_module /opt/fortitude/modules/mod_access.so
"
LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so
";
- $slot_hash{$FORTITUDE_REVOCATOR_MODULES} =
-"
-LoadModule nss_module /opt/fortitude/modules.local/mod_rev.so
-";
}
} else {
# Setup templates (CA, KRA, OCSP, TKS)
@@ -2623,29 +2600,6 @@ LoadModule nss_module /opt/fortitude/modules.local/mod_rev.so
$perl_conf_instance_file_path );
- # process "revocator.conf" template
- $result = process_file_template( $revocator_conf_subsystem_file_path,
- $revocator_conf_instance_file_path,
- \%slot_hash );
- if( !$result ) {
- return 0;
- }
-
- # fix ownership for revocator.conf
- $result = give_file_to( $revocator_conf_instance_file_path,
- $pki_user,
- $pki_group );
- if( !$result ) {
- emit( "Can't change ownership of "
- . "$revocator_conf_instance_file_path.\n",
- "error" );
- return 0;
- }
-
- chmod( $default_file_permissions,
- $revocator_conf_instance_file_path );
-
-
# process "nss_pcache" template
$result = process_file_template( $nss_pcache_subsystem_file_path,
$nss_pcache_instance_file_path,
diff --git a/pki/base/tps/Makefile.am b/pki/base/tps/Makefile.am
index 523e2caa..82e3042f 100644
--- a/pki/base/tps/Makefile.am
+++ b/pki/base/tps/Makefile.am
@@ -158,7 +158,6 @@ conf_DATA = $(srcdir)/apache/conf/httpd.conf \
$(srcdir)/apache/conf/mime.types \
$(srcdir)/apache/conf/nss.conf \
$(srcdir)/apache/conf/perl.conf \
- $(srcdir)/apache/conf/revocator.conf \
$(srcdir)/doc/CS.cfg
docroot_DATA = $(srcdir)/forms/index.html
diff --git a/pki/base/tps/Makefile.in b/pki/base/tps/Makefile.in
index c020a377..534740a5 100644
--- a/pki/base/tps/Makefile.in
+++ b/pki/base/tps/Makefile.in
@@ -648,7 +648,6 @@ conf_DATA = $(srcdir)/apache/conf/httpd.conf \
$(srcdir)/apache/conf/mime.types \
$(srcdir)/apache/conf/nss.conf \
$(srcdir)/apache/conf/perl.conf \
- $(srcdir)/apache/conf/revocator.conf \
$(srcdir)/doc/CS.cfg
docroot_DATA = $(srcdir)/forms/index.html
diff --git a/pki/base/tps/apache/conf/httpd.conf b/pki/base/tps/apache/conf/httpd.conf
index 3fb24706..d3ec8e05 100644
--- a/pki/base/tps/apache/conf/httpd.conf
+++ b/pki/base/tps/apache/conf/httpd.conf
@@ -254,8 +254,6 @@ LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so
LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so
# Required module for commands in nss.conf:
[FORTITUDE_NSS_MODULES]
-# Required module for commands in revocator.conf:
-[FORTITUDE_REVOCATOR_MODULES]
# Required module for command 'TPSConfigPathFile':
LoadModule tps_module [FORTITUDE_MODULE]/mod_tps.so
# Required module for command 'TokendbConfigPathFile':
@@ -1044,8 +1042,6 @@ BrowserMatch "^gnome-vfs" redirect-carefully
#</IfModule>
Include [SERVER_ROOT]/conf/nss.conf
-Include [SERVER_ROOT]/conf/revocator.conf
-
TPSConfigPathFile [SERVER_ROOT]/conf/CS.cfg
TokendbConfigPathFile [SERVER_ROOT]/conf/CS.cfg
diff --git a/pki/base/tps/apache/conf/revocator.conf b/pki/base/tps/apache/conf/revocator.conf
deleted file mode 100644
index 904b7f83..00000000
--- a/pki/base/tps/apache/conf/revocator.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# CRL Engine Switch:
-# Enable/Disable CRL retrieval
-
-CRLEngine off
-
-# CRL Age Check Switch:
-# Shut the server down if a CRL expires
-CRLAgeCheck off
-
-# CRL Update Critical Switch:
-# Shut the server down if a CRL cannot be retrieved
-CRLUpdateCritical off
-
-# CRL URLs:
-# A space delimited list of URLs to retrieve and install.
-# protocol://urldata;update_interval;max_age
-#CRLFile "ldap://ldap.example.com:5000/o=example.net?usercertificate%3binary?sub?(sn=Jensen)??;30;30"
-#CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:3389/o=example.com?userCertificate%3bbinary?sub?(uid=crl)??;30;30"
-#CRLFile "https://ca.example.com:1025/getCRL?op=getCRL&issuepoint=MasterCRL;30;30"
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
index be6f5a41..a99acda5 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
@@ -346,44 +346,6 @@ sub display
system( "rm $instDir/conf/nss.conf.tmp" );
}
- # Rewrite "revocator.conf", activating the CRLEngine, and appending
- # the security domain getCRL URL to end of the file
- open( TMP_REVOCATOR_CONF, ">$instDir/conf/revocator.conf.tmp" );
- system( "chmod 00660 $instDir/conf/revocator.conf.tmp" );
- open( REVOCATOR_CONF, "<$instDir/conf/revocator.conf" );
- while( <REVOCATOR_CONF> ) {
- if( /^CRLEngine/ ) {
- # Bugzilla Bug #493122: Activate CRLEngine on RHEL,
- # but NOT on Fedora!
- if( -e "/etc/fedora-release" ) {
- print TMP_REVOCATOR_CONF "CRLEngine off\n";
- } else {
- # Bugzilla Bug #498528 Disable mod_revocator on RHEL
- # since it will no longer work
- # with the updated mod_nss which
- # is required for HSMs
- print TMP_REVOCATOR_CONF "CRLEngine off\n";
- }
- } else {
- print TMP_REVOCATOR_CONF $_;
- }
- }
- # Append security domain getCRL URL to end of "revocator.conf.tmp"
- print TMP_REVOCATOR_CONF "CRLFile \"" . $sdom
- . "/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;60;60\"\n";
- close( REVOCATOR_CONF );
- close( TMP_REVOCATOR_CONF );
-
- # Create a copy of the original file which
- # preserves the original file permissions
- system( "cp -p $instDir/conf/revocator.conf.tmp "
- . "$instDir/conf/revocator.conf" );
-
- # Remove the original file only if the backup copy was successful
- if( -e "$instDir/conf/revocator.conf" ) {
- system( "rm $instDir/conf/revocator.conf.tmp" );
- }
-
&PKI::TPS::Wizard::debug_log("DonePanel: Connecting to Security Domain");
my $machineName = $::config->get("service.machineName");