-rw-r--r--pki/base/ca/shared/conf/server.xml6
-rwxr-xr-xpki/base/common/scripts/pki_apache_initscript14
-rw-r--r--pki/base/kra/shared/conf/server.xml4
-rw-r--r--pki/base/ocsp/shared/conf/server.xml4
-rwxr-xr-xpki/base/setup/pkicommon163
-rwxr-xr-xpki/base/setup/pkicreate89
-rwxr-xr-xpki/base/setup/pkiremove12
-rw-r--r--pki/base/tks/shared/conf/server.xml4
-rw-r--r--pki/base/tks/shared/conf/tomcat6.conf55
-rw-r--r--pki/base/tps/CMakeLists.txt2
-rw-r--r--pki/base/tps/Makefile.am2
-rw-r--r--pki/base/tps/Makefile.in1
-rw-r--r--pki/dogtag/tps/pki-tps.spec1
13 files changed, 273 insertions, 84 deletions
diff --git a/pki/base/ca/shared/conf/server.xml b/pki/base/ca/shared/conf/server.xml
index 83eaf775..07f4a406 100644
--- a/pki/base/ca/shared/conf/server.xml
+++ b/pki/base/ca/shared/conf/server.xml
@@ -120,7 +120,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ enableLookups="false" disableUploadTimeout="true"
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
enableOCSP="false"
ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp"
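Review bot: Dropping `connectionTimeout="20000"` leaves this SSL connector with no explicit bound on how long an accepted socket may wait before the request line arrives. Tomcat's documented default when the attribute is absent is 60000 ms, so the wait grows rather than disappears. With `maxThreads="150"` per connector, slow or stalled clients can hold worker threads longer, which matters for CA and OCSP endpoints that must stay reachable. If the removal works around a problem with the JSS implementation (inferred; the reason is not visible here), an explicit value such as `connectionTimeout="60000"` and an XML comment above the `<Connector>` naming the reason would keep the bound deliberate. The same applies to every `<Connector>` hunk in the ca, kra, ocsp and tks server.xml sections of this commit.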
@@ -162,7 +162,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ enableLookups="false" disableUploadTimeout="true"
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
clientAuth="false"
sslOptions="[TOMCAT_SSL_OPTIONS]"
@@ -179,7 +179,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Connector name="[PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_CLIENT_AUTH_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ enableLookups="false" disableUploadTimeout="true"
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
clientAuth="true"
sslOptions="[TOMCAT_SSL_OPTIONS]"
diff --git a/pki/base/common/scripts/pki_apache_initscript b/pki/base/common/scripts/pki_apache_initscript
index 3e886a6d..e5123106 100755
--- a/pki/base/common/scripts/pki_apache_initscript
+++ b/pki/base/common/scripts/pki_apache_initscript
@@ -1,7 +1,5 @@
#!/bin/bash
-# FIXME: needed to add -r system_r to runcon, not sure why or if it's right
-
command="$1"
# Source function library.
@@ -76,13 +74,13 @@ start()
rv=$?
if [ ${rv} = 0 ] ; then
if [ ${ARCHITECTURE} = "i386" ] ; then
- LANG=${PKI_HTTPD_LANG} daemon runcon -r system_r -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
+ LANG=${PKI_HTTPD_LANG} daemon runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
rv=$?
# overwrite output from "daemon"
echo -n $"Starting ${prog}: "
elif [ ${ARCHITECTURE} = "x86_64" ] ; then
# NOTE: "daemon" is incompatible with "httpd" on 64-bit architectures
- LANG=${PKI_HTTPD_LANG} runcon -r system_r -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
+ LANG=${PKI_HTTPD_LANG} runcon -t ${PKI_SELINUX_TYPE} -- ${httpd} ${PKI_OPTIONS}
rv=$?
fi
else
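Review bot: `${PKI_SELINUX_TYPE}` is expanded unquoted in both `runcon -t` lines, so if it is empty or unset the following `--` is consumed as the type argument and the start fails in a way that is hard to diagnose. Writing it as `runcon -t "${PKI_SELINUX_TYPE:?}" -- ${httpd} ${PKI_OPTIONS}` turns a missing type into an explicit error. With `-r system_r` gone the role is inherited from whoever invokes the script. The removed FIXME deserves a replacement comment saying that this is intended, e.g. `# role is inherited from the caller; only the type is changed`. start() begins and ends outside this hunk.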
@@ -114,15 +112,15 @@ start()
# Set permissions of log files
for file in ${pki_logs_directory}/*; do
if [ `basename $file` != "signedAudit" ]; then
- echo "chown ${PKI_USER}:${PKI_GROUP} ${file}"
- echo "chmod 00640 ${file}"
+ chown ${PKI_USER}:${PKI_GROUP} ${file}
+ chmod 00640 ${file}
fi
done
if [ -d ${pki_logs_directory}/signedAudit ]; then
for file in ${pki_logs_directory}/signedAudit/*; do
- echo "chown ${PKI_USER} ${file}"
- echo "chmod 00640 ${file}"
+ chown ${PKI_USER} ${file}
+ chmod 00640 ${file}
done
fi
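Review bot: The `chown`/`chmod` calls that replace the `echo` lines now really run on every entry the glob returns, with `${file}` unquoted and symbolic links followed. If this script runs as root and the logs directory is writable by `${PKI_USER}` (both presumed, not visible in the hunk), a link placed there would have its target re-owned to the service account. Skipping links and quoting closes that: `[ -L "${file}" ] && continue` before `chown -- "${PKI_USER}:${PKI_GROUP}" "${file}"`, and the same in the signedAudit loop. The first loop also applies `chmod 00640` to any subdirectory other than signedAudit, and on an empty directory the literal `*` pattern is passed to chown; a `[ -f "${file}" ] || continue` guard covers both. start() begins and ends outside this hunk.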
diff --git a/pki/base/kra/shared/conf/server.xml b/pki/base/kra/shared/conf/server.xml
index e26d09dc..856c2c2a 100644
--- a/pki/base/kra/shared/conf/server.xml
+++ b/pki/base/kra/shared/conf/server.xml
@@ -119,7 +119,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ enableLookups="false" disableUploadTimeout="true"
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
enableOCSP="false"
ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp"
@@ -161,7 +161,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ enableLookups="false" disableUploadTimeout="true"
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
clientAuth="false"
sslOptions="[TOMCAT_SSL_OPTIONS]"
diff --git a/pki/base/ocsp/shared/conf/server.xml b/pki/base/ocsp/shared/conf/server.xml
index e26d09dc..856c2c2a 100644
--- a/pki/base/ocsp/shared/conf/server.xml
+++ b/pki/base/ocsp/shared/conf/server.xml
@@ -119,7 +119,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ enableLookups="false" disableUploadTimeout="true"
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
enableOCSP="false"
ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp"
@@ -161,7 +161,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ enableLookups="false" disableUploadTimeout="true"
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
clientAuth="false"
sslOptions="[TOMCAT_SSL_OPTIONS]"
diff --git a/pki/base/setup/pkicommon b/pki/base/setup/pkicommon
index d408459f..b8aa9593 100755
--- a/pki/base/setup/pkicommon
+++ b/pki/base/setup/pkicommon
@@ -26,7 +26,7 @@ use warnings;
use Exporter;
our @ISA = qw(Exporter);
our @EXPORT = qw(
- $lib_prefix $obj_ext $path_sep $tmp_dir $logfile
+ $lib_prefix $obj_ext $path_sep $tmp_dir
$pki_flavor $pki_registry_path
$verbose $dry_run $hostname $default_hardware_platform
$default_system_binaries $default_lockdir $default_system_libraries $default_system_user_binaries
@@ -60,7 +60,7 @@ our @EXPORT = qw(
certutil_create_databases certutil_delete_cert certutil_generate_CSR
certutil_generate_self_signed_cert certutil_import_cert
certutil_print_cert certutil_list_certs modutil_add_token
- open_logfile print_to_logfile close_logfile
+ open_logfile get_logfile_path close_logfile
prompt printFile emit
is_path_valid is_name_valid entity_type entity_exists
file_exists is_file_empty create_empty_file create_file copy_file remove_file
@@ -144,9 +144,6 @@ our $obj_ext = undef;
our $path_sep = undef;
our $tmp_dir = undef;
-# "logging" parameters
-our $logfile = undef;
-
# Whether or not to do verbose mode
our $verbose = 0;
@@ -287,7 +284,9 @@ our $TPS_INITSCRIPT = "pki-tpsd";
my $fqdn = undef;
# "logging" parameters
-my $logfd = new FileHandle;
+my $logfd = undef;
+my $logfile_path = undef;
+
##############################################################
@@ -627,14 +626,43 @@ sub read_install_info_from_dir
# Give an install info hash table writes it formated as a
# "Installation Manifest" into specified directory under
# the name $install_info_basename
+#
+# Returns pathname of manifest if successful, undef otherwise.
sub write_install_info_to_dir
{
my ($dir, $install_info) = @_;
my ($path, $formatted);
+ if (! defined($dir)) {
+ emit("Cannot write installation manifest, directory unspecified", "error");
+ return undef;
+ }
+
+ if (! defined($install_info_basename)) {
+ emit("Cannot write installation manifest, file basename unspecified", "error");
+ return undef;
+ }
+
+ if (! -e $dir) {
+ emit("Cannot write installation manifest, directory ($dir) does not exist", "error");
+ return undef;
+ }
+
+ if (! -d $dir) {
+ emit("Cannot write installation manifest, directory ($dir) is not a directory", "error");
+ return undef;
+ }
+
+ if (! -w $dir) {
+ emit("Cannot write installation manifest, directory ($dir) is not writable", "error");
+ return undef;
+ }
+
$path = "${dir}/${install_info_basename}";
$formatted = format_install_info($install_info);
write_file($path, \$formatted);
+
+ return $path;
}
# Given an Installation Manifest (e.g. install_info) remove the items in
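Review bot: The result of `write_file($path, \$formatted);` is ignored, so `write_install_info_to_dir` returns `$path` even when the manifest was not written, and the caller then logs it as the manifest location. If `write_file` follows the file's "Return 1 if success, 0 if failure" convention (its body is not visible here), `return undef if !write_file($path, \$formatted);` would make the new documented return value hold. The `-e`/`-d`/`-w` checks are advisory only, since the directory can change between the test and the write, so the write result is the check that counts.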
@@ -1923,40 +1951,45 @@ sub modutil_add_token
# Generic "logging" Subroutines
##############################################################
-# no return value
+# Return 1 if success, 0 if failure
sub open_logfile
{
- my ($logfile_name) = @_;
+ my ($path, $permissions, $owner, $group) = @_;
- $logfd->open(">$logfile_name") or
- die "Could not open $logfile_name\n";
-
- return;
-}
+
+ $logfd = FileHandle->new("> $path");
+ if (defined($logfd)) {
+ $logfile_path = $path;
+ } else {
+ return 0;
+ }
-# no return value
-sub print_to_logfile
-{
- my ($logfile_name, $message) = @_;
+ if (defined($permissions)) {
+ return 0 if !set_permissions($logfile_path, $permissions);
+ }
- if (defined($logfile_name)) {
- $logfd->print($message);
+ if (defined($owner) && defined($group)) {
+ return 0 if !set_owner_group($logfile_path, $owner, $group);
}
- return;
+ return 1;
}
+# no return value
+sub get_logfile_path
+{
+ return $logfile_path;
+}
# no return value
sub close_logfile
{
- my ($logfile_name) = @_;
-
- if ($logfile_name ne "") {
+ if (defined($logfd)) {
$logfd->close();
}
+ $logfd = undef;
return;
}
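Review bot: `open_logfile` returns 0 when `set_permissions` or `set_owner_group` fails but leaves `$logfd` open and `$logfile_path` set. `emit` therefore keeps writing to a file the caller was told could not be opened, and whose permissions were never tightened. Calling `close_logfile()` before each of those `return 0` statements would make the failure state consistent. The file is also created first and restricted afterwards, so it exists briefly with whatever the process umask allows; setting a restrictive `umask` around the open would remove that window. Separately, `FileHandle->new($path, "w")` avoids embedding the mode in the path string, and the `# no return value` comment above `get_logfile_path` should read `# Returns the logfile path, undef if none was opened`.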
@@ -2033,8 +2066,10 @@ sub emit
# If a log file exists, write all types
# ("debug", "error", "info", or "log")
# to this specified log file
- $log_entry = "[$stamp] [$type] $string\n";
- print_to_logfile($logfile, $log_entry);
+ if (defined($logfd)) {
+ $log_entry = "[$stamp] [$type] $string\n";
+ $logfd->print($log_entry);
+ }
return;
}
@@ -2544,10 +2579,12 @@ sub walk_dir {
next if $basename eq '..';
$$prune = 0;
- if (-d "${dir}/${basename}") { # yes it is a directory
+ my $path = "${dir}/${basename}";
+ if ((-d $path) &&
+ ((! $opts->{'preserve_links'}) || (! -l $path))) { # yes it is a directory
&$callback($dir, $basename, 1, $prune, $opts);
if (!$$prune) {
- walk_dir("${dir}/${basename}", $callback, $prune, $opts);
+ walk_dir($path, $callback, $prune, $opts);
}
}
else { # not a directory
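Review bot: `walk_dir` reads `$opts->{'preserve_links'}` directly, so when the key is absent `(! $opts->{'preserve_links'})` is true and symlinked directories are descended into, the opposite of the documented default of true. Only `get_directory_files` applies the `// 1` default, so any other caller of `walk_dir` (none visible here) would silently follow links. In a setup tool that presumably runs as root, that can lead the walk outside the instance tree or into a cyclic link. Defaulting inside the function, e.g. `my $preserve_links = $opts->{'preserve_links'} // 1;`, keeps both entry points consistent. walk_dir starts and ends outside this hunk.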
@@ -2569,6 +2606,9 @@ sub walk_dir {
# recursive (default = true)
# If true then recusively descend into each directory,
# otherwise just examine the starting directory
+# preserve_links (default = true)
+# If true symbolic links are preserved.
+# If false symbolic links are traversed.
# include_dirs (default = false)
# If true include directories in the returned array,
# otherwise directories are omitted.
@@ -2611,13 +2651,14 @@ sub walk_dir {
sub get_directory_files
{
my ($dir, $opts) = @_;
- my ($strip_dir, $mark_dir, $recursive, $include_dirs, $include_files);
+ my ($strip_dir, $mark_dir, $recursive, $preserve_links, $include_dirs, $include_files);
my ($dir_includes, $dir_excludes, $file_includes, $file_excludes);
my ($files, $prune, $pat);
$strip_dir = $opts->{'strip_dir'} // 0;
$mark_dir = $opts->{'mark_dir'} // 0;
$recursive = $opts->{'recursive'} // 1;
+ $preserve_links = $opts->{'preserve_links'} // 1;
$include_dirs = $opts->{'include_dirs'} // 0;
$include_files = $opts->{'include_files'} // 1;
$dir_includes = $opts->{'dir_includes'} // undef;
@@ -2632,6 +2673,7 @@ sub get_directory_files
{'file_list' => $files,
'mark_dir' => $mark_dir,
'recursive' => $recursive,
+ 'preserve_links' => $preserve_links,
'include_dirs' => $include_dirs,
'include_files' => $include_files,
'dir_includes' => $dir_includes,
@@ -2840,9 +2882,20 @@ sub copy_directory
for $path (@$files) {
$src_path = "${src_dir_path}/${path}";
$dst_path = "${dst_dir_path}/${path}";
- if (!copy_file($src_path, $dst_path,
- $file_permissions, $owner, $group, $uninstall_action)) {
- $result = 0;
+
+ # Emulate cp's behavior with respect to symbolic links,
+ # symbolic links are NOT followed when copying recursively.
+ # During recursive copies symbolic links are recreated.
+ if (-l $src_path) { # src is a symbolic link
+ if (!copy_symlink($src_path, $dst_path,
+ $owner, $group, $uninstall_action)) {
+ $result = 0;
+ }
+ } else { # src is not a symbolic link
+ if (!copy_file($src_path, $dst_path,
+ $file_permissions, $owner, $group, $uninstall_action)) {
+ $result = 0;
+ }
}
}
@@ -3028,6 +3081,54 @@ sub create_symlink
return 1;
}
+# Return 1 if success, 0 if failure
+sub copy_symlink
+{
+ my ($src_path, $dst_path, $owner, $group, $uninstall_action) = @_;
+ my ($target);
+
+ $uninstall_action = 'remove' unless defined($uninstall_action);
+
+ emit(sprintf("copy_symlink(%s)\n", join(", ", @_)), "debug");
+
+ add_install_info($dst_path, 'symlink', $uninstall_action);
+
+ if (!is_path_valid($src_path)) {
+ emit("copy_symlink(): illegal src path => \"$src_path\".\n",
+ "error");
+ remove_install_info($dst_path);
+ return 0;
+ }
+
+ if (!is_path_valid($dst_path)) {
+ emit("copy_symlink(): illegal dst path => \"$dst_path\".\n",
+ "error");
+ remove_install_info($dst_path);
+ return 0;
+ }
+
+ if (! -l $src_path) {
+ emit("copy_symlink(): $src_path is not a symbolic link\n");
+ return 0;
+ }
+
+ return 1 if $dry_run;
+
+ $target = readlink($src_path);
+
+ if (!symlink($target, $dst_path)) {
+ emit("could not symbolically link $target dst_path", "error");
+ remove_install_info($dst_path);
+ return 0;
+ }
+
+ if (defined($owner) && defined($group)) {
+ return 0 if !set_owner_group_on_symlink($dst_path, $owner, $group);
+ }
+
+ return 1;
+}
+
# Return 1 if success, 0 if failure
sub remove_symlink
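Review bot: Three failure paths in `copy_symlink` are inconsistent with the rest of the function. The `! -l $src_path` branch calls `emit` without the `"error"` type and returns without `remove_install_info($dst_path)`, so the manifest keeps an entry for a link that was never created. The result of `readlink($src_path)` is not checked, so `symlink` would be called with an undefined target if the link vanished after the `-l` test; `return 0 if !defined($target);` with the same cleanup would cover it. The symlink error message is missing a sigil and should read `emit("could not symbolically link $target to $dst_path", "error");`.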
diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate
index f8ba09f8..d4336e50 100755
--- a/pki/base/setup/pkicreate
+++ b/pki/base/setup/pkicreate
@@ -203,6 +203,7 @@ my $noise_base_name = "noise"; # CA, KRA, OCSP, T
my $nss_conf_base_name = "nss.conf"; # RA, TPS
my $perl_conf_base_name = "perl.conf"; # RA, TPS
my $osutil_jar_base_name = "osutil.jar"; # CA, KRA, OCSP, TKS
+my $symkey_jar_base_name = "symkey.jar"; # CA, KRA, OCSP, TKS
my $password_conf_base_name = "password.conf"; # CA, KRA, OCSP, TKS,
# RA, TPS
my $pfile_base_name = "pfile"; # CA, KRA, OCSP, TKS,
@@ -494,6 +495,8 @@ my $perl_conf_instance_file_path = undef; # RA, TPS
my $perl_conf_subsystem_file_path = undef; # RA, TPS
my $osutil_jar_file_path = undef; # CA, KRA, OCSP, TKS
my $osutil_jar_symlink_path = undef; # CA, KRA, OCSP, TKS
+my $symkey_jar_file_path = undef; # CA, KRA, OCSP, TKS
+my $symkey_jar_symlink_path = undef; # CA, KRA, OCSP, TKS
my $password_conf_instance_file_path = undef; # CA, KRA, OCSP, TKS, RA, TPS
my $perl_instance_symlink_path = undef; # RA, TPS
my $perl_subsystem_path = undef; # RA, TPS
@@ -1021,14 +1024,18 @@ sub parse_arguments
return 0;
}
- # capture installation information in a log file
- # (always overwrite this file)
- $logfile = "/var/log/$pki_instance_name-install.log";
- open_logfile($logfile);
- set_permissions($logfile, $default_file_permissions);
+ # Capture installation information in a log file, always overwrite this file.
+ # When creating an instance it's a fatal error if the logfile
+ # cannot be created.
+ my $logfile = "/var/log/${pki_instance_name}-install.log";
+ if (!open_logfile($logfile, $default_file_permissions)) {
+ emit("can not create logfile ($logfile)", "error");
+ return 0;
+ }
+
add_install_info($logfile, 'file', 'preserve');
- print(STDOUT "Capturing installation information in $logfile.\n");
+ printf(STDOUT "Capturing installation information in %s\n", $logfile);
emit("Parsing PKI creation arguments ...\n");
@@ -1715,6 +1722,10 @@ sub initialize_subdirectory_paths
. "/" . $osutil_jar_base_name;
$osutil_jar_symlink_path = $webinf_lib_instance_path
. "/" . $osutil_jar_base_name;
+ $symkey_jar_file_path = $default_system_jni_java_path
+ . "/" . $symkey_jar_base_name;
+ $symkey_jar_symlink_path = $webinf_lib_instance_path
+ . "/" . $symkey_jar_base_name;
$server_xml_subsystem_file_path = $conf_subsystem_path
. "/" . $server_xml_base_name;
$servercertnick_conf_subsystem_file_path = $conf_subsystem_path
@@ -2585,14 +2596,14 @@ sub process_pki_files_and_symlinks
# create a filled in empty "password.conf"
# password file for this instance
return 0 if !create_file($password_conf_instance_file_path,
- "${default_security_token}:$db_password",
+ "${default_security_token}:${db_password}\n",
$default_file_permissions, $pki_user, $pki_group);
# create a filled in empty temporary "pfile"
# password file for this instance
return 0 if !create_file($pfile_instance_file_path,
- $db_password,
+ "${db_password}\n",
$default_file_permissions, $pki_user, $pki_group);
## Populate instances (RA, TPS instances)
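Review bot: The password strings passed to `create_file` here may end up in the install log. `copy_symlink`, added in this same commit, logs `join(", ", @_)` at debug level on entry; if `create_file` follows that pattern (its body is not visible), the second argument, which holds `${db_password}`, would be written to `/var/log/${pki_instance_name}-install.log`. It is worth confirming that `create_file` does not emit its content argument, or masking it there. A short comment such as `# trailing newline required by readers of password.conf` would also record why the `\n` was added. process_pki_files_and_symlinks begins and ends outside this hunk.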
@@ -2673,6 +2684,10 @@ sub process_pki_files_and_symlinks
return 0 if !create_symlink($osutil_jar_symlink_path, $osutil_jar_file_path,
$pki_user, $pki_group);
+ # create instance symlink to "symkey.jar"
+ return 0 if !create_symlink($symkey_jar_symlink_path, $symkey_jar_file_path,
+ $pki_user, $pki_group);
+
# create symlink to "tomcatjss.jar"
return 0 if !create_symlink($tomcatjss_jar_symlink_path, $tomcatjss_jar_file_path,
$pki_user, $pki_group);
@@ -3033,6 +3048,40 @@ sub cleanup
return $result;
}
+# Return 1 if success, 0 if failure
+sub write_install_info
+{
+ if ($dry_run) {
+ return 1;
+ } else {
+ if (!defined($pki_instance_path)) {
+ return 0;
+ }
+ my $install_info_file_path = write_install_info_to_dir($pki_instance_path,
+ \%installation_info);
+ if (defined($install_info_file_path)) {
+ emit(sprintf("Installation manifest: %s", $install_info_file_path));
+ return 1;
+ } else {
+ return 0;
+ }
+ }
+}
+
+##############################################################
+# Signal Handlers
+##############################################################
+
+sub die_handler
+{
+ my ($msg) = @_;
+
+ # If we abort write the installation manifest
+ # so cleanup can still be performed later.
+ write_install_info();
+}
+
+$SIG{'__DIE__'} = \&die_handler;
##############################################################
# Main Program
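Review bot: A `$SIG{'__DIE__'}` handler also runs for `die` calls inside `eval` blocks, including ones in loaded modules that are caught and recovered from. `die_handler` will therefore write the manifest on exceptions that never abort the program. Making `return if !defined($^S) || $^S;` its first statement limits it to real aborts. The handler is installed at file scope, before arguments are parsed; the `defined($pki_instance_path)` check in `write_install_info` covers that early case and deserves a comment, e.g. `# undef until arguments are parsed; nothing to record yet`. `$msg` is unused and could be passed to `emit($msg, "error")` so the abort reason reaches the logfile.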
@@ -3062,8 +3111,7 @@ sub main
$parse_result = parse_arguments();
if (!$parse_result || $parse_result == -1) {
- # If it exists, close the log file
- close_logfile($logfile);
+ close_logfile();
exit 255;
}
@@ -3087,27 +3135,21 @@ ASK_AGAIN:
goto ASK_AGAIN;
}
- # If it exists, close the log file
- close_logfile($logfile);
+ close_logfile();
exit 255;
}
print(STDOUT "\n");
- print(STDOUT
- "PKI instance creation completed ...\n\n");
+ print(STDOUT "PKI instance creation completed ...\n\n");
+ # Write the installation manifest.
+ write_install_info();
- my $install_info_file_path = "${pki_instance_path}/${install_info_basename}";
my $install_description = get_install_description();
- if (!$dry_run) {
- write_install_info_to_dir($pki_instance_path, \%installation_info);
- }
-
- emit(sprintf("The following was performed (recorded in \"%s\")\n%s\n",
- $install_info_file_path, $install_description));
+ emit(sprintf("The following was performed:\n%s\n", $install_description));
- print(STDOUT "Installation information recorded in $logfile.\n");
+ printf(STDOUT "Installation information recorded in %s.\n", get_logfile_path());
$pki_registry_initscript_command = "/sbin/service $pki_registry_initscript restart $pki_instance_name";
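Review bot: The return value of `write_install_info()` is discarded, so a failed manifest write is silent and the run still finishes as a successful creation. Later cleanup appears to rely on the manifest (inferred from the die_handler comment "so cleanup can still be performed later"), so the failure should at least be reported: `emit("Failed to write installation manifest", "error") if !write_install_info();`. `get_logfile_path()` is printed without checking for undef; that is safe here only because `parse_arguments` aborts when the logfile cannot be opened. main begins and ends outside this hunk.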
@@ -3173,8 +3215,7 @@ ASK_AGAIN:
"log");
}
- # If it exists, close the log file
- close_logfile($logfile);
+ close_logfile();
return;
}
diff --git a/pki/base/setup/pkiremove b/pki/base/setup/pkiremove
index bf347e28..817ded17 100755
--- a/pki/base/setup/pkiremove
+++ b/pki/base/setup/pkiremove
@@ -431,7 +431,7 @@ sub remove_selinux_ports
sub remove_instance
{
my ($result, $confirm, $install_info);
-
+ $confirm = "Y";
$result = 1;
print(STDOUT "PKI instance Deletion Utility cleaning up instance ...\n\n");
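Review bot: Initialising `$confirm = "Y"` makes removal the default answer. Any path through `remove_instance` that reaches the confirmation test without prompting (the prompt is outside this hunk) now proceeds with deletion. If the assignment only silences an uninitialised-value warning, a fail-safe default of `$confirm = "N";`, overridden by the prompt or an explicit force option, would be safer. If unattended removal is the intent, a comment should say so, e.g. `# default to yes so non-interactive removal proceeds`.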
@@ -570,11 +570,11 @@ sub main
exit 255;
}
- # capture installation information in a log file
- # (always overwrite this file)
- $logfile = "/var/log/${pki_instance_name}-uninstall.log";
- open_logfile($logfile);
- set_permissions($logfile, $default_file_permissions);
+ # Capture uninstall information in a log file, always overwrite this file.
+ # When removing an instance it's never a fatal error if the logfile
+ # cannot be created.
+ my $logfile = "/var/log/${pki_instance_name}-uninstall.log";
+ open_logfile($logfile, $default_file_permissions);
emit("Capturing installation information in $logfile.\n");
diff --git a/pki/base/tks/shared/conf/server.xml b/pki/base/tks/shared/conf/server.xml
index e26d09dc..856c2c2a 100644
--- a/pki/base/tks/shared/conf/server.xml
+++ b/pki/base/tks/shared/conf/server.xml
@@ -119,7 +119,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ enableLookups="false" disableUploadTimeout="true"
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
enableOCSP="false"
ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp"
@@ -161,7 +161,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
<Connector name="[PKI_EE_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_EE_SECURE_PORT]" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
+ enableLookups="false" disableUploadTimeout="true"
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
clientAuth="false"
sslOptions="[TOMCAT_SSL_OPTIONS]"
diff --git a/pki/base/tks/shared/conf/tomcat6.conf b/pki/base/tks/shared/conf/tomcat6.conf
new file mode 100644
index 00000000..31385567
--- /dev/null
+++ b/pki/base/tks/shared/conf/tomcat6.conf
@@ -0,0 +1,55 @@
+# Service-specific configuration file for tomcat6. This will be sourced by
+# the SysV init script after the global configuration file
+# /etc/tomcat6/tomcat6.conf, thus allowing values to be overridden in
+# a per-service manner.
+#
+# NEVER change the init script itself. To change values for all services make
+# your changes in /etc/tomcat6/tomcat6.conf
+#
+# To change values for a specific service make your edits here.
+# To create a new service create a link from /etc/init.d/<your new service> to
+# /etc/init.d/tomcat6 (do not copy the init script) and make a copy of the
+# /etc/sysconfig/tomcat6 file to /etc/sysconfig/<your new service> and change
+# the property values so the two services won't conflict. Register the new
+# service in the system as usual (see chkconfig and similars).
+#
+
+# Where your java installation lives
+#JAVA_HOME="/usr/lib/jvm/java"
+
+# Where your tomcat installation lives
+CATALINA_BASE="[PKI_INSTANCE_PATH]"
+#CATALINA_HOME="/usr/share/tomcat6"
+#JASPER_HOME="/usr/share/tomcat6"
+#CATALINA_TMPDIR="/var/cache/tomcat6/temp"
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+
+# Use JAVA_OPTS to set java.library.path for libtcnative.so
+#JAVA_OPTS="-Djava.library.path=/usr/lib64"
+
+# What user should run tomcat
+TOMCAT_USER="[PKI_USER]"
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+#SECURITY_MANAGER="false"
+
+# Time to wait in seconds, before killing process
+#SHUTDOWN_WAIT="30"
+
+# Whether to annoy the user with "attempting to shut down" messages or not
+#SHUTDOWN_VERBOSE="false"
+
+# Set the TOMCAT_PID location
+CATALINA_PID="[TOMCAT_PIDFILE]"
+
+# Connector port is 8080 for this tomcat6 instance
+#CONNECTOR_PORT="8080"
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
diff --git a/pki/base/tps/CMakeLists.txt b/pki/base/tps/CMakeLists.txt
index b97cccf5..04859aaa 100644
--- a/pki/base/tps/CMakeLists.txt
+++ b/pki/base/tps/CMakeLists.txt
@@ -20,8 +20,6 @@ install(
)
install(
- FILES
- apache/apachectl
DESTINATION
${LIB_INSTALL_DIR}/${APPLICATION_NAME}/${PROJECT_NAME}
PERMISSIONS
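Review bot: After `FILES` and `apache/apachectl` are removed, the first argument of this `install(` call is `DESTINATION`, with no `FILES`, `PROGRAMS` or `TARGETS` signature keyword in front of it. As shown, CMake would reject that at configure time. Since the only file entry is gone, the whole `install( … )` block should be deleted rather than just its file list. The call's closing lines are outside this hunk, so the remaining arguments could not be checked.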
diff --git a/pki/base/tps/Makefile.am b/pki/base/tps/Makefile.am
index a98fd897..9bb9d766 100644
--- a/pki/base/tps/Makefile.am
+++ b/pki/base/tps/Makefile.am
@@ -188,8 +188,6 @@ initd_SCRIPTS = $(srcdir)/etc/init.d/pki-tpsd
license_DATA = $(srcdir)/LICENSE
-libexec_SCRIPTS = $(srcdir)/apache/apachectl
-
# create an empty 'logs' directory
logs_DATA =
diff --git a/pki/base/tps/Makefile.in b/pki/base/tps/Makefile.in
index 090edfee..2b692972 100644
--- a/pki/base/tps/Makefile.in
+++ b/pki/base/tps/Makefile.in
@@ -671,7 +671,6 @@ docroot_tps_img_DATA =
docroot_tps_js_DATA =
initd_SCRIPTS = $(srcdir)/etc/init.d/pki-tpsd
license_DATA = $(srcdir)/LICENSE
-libexec_SCRIPTS = $(srcdir)/apache/apachectl
# create an empty 'logs' directory
logs_DATA =
diff --git a/pki/dogtag/tps/pki-tps.spec b/pki/dogtag/tps/pki-tps.spec
index ad07ed68..900e1b6c 100644
--- a/pki/dogtag/tps/pki-tps.spec
+++ b/pki/dogtag/tps/pki-tps.spec
@@ -140,7 +140,6 @@ cp -rp %{buildroot}/opt/samples* %{buildroot}%{_datadir}/pki/tps
cp -rp %{buildroot}/opt/scripts* %{buildroot}%{_datadir}/pki/tps
cp -rp %{buildroot}/opt/setup* %{buildroot}%{_datadir}/pki/tps
cp -rp %{buildroot}/opt/templates* %{buildroot}%{_datadir}/pki/tps
-cp -p %{buildroot}%{_libexecdir}/apachectl* %{buildroot}%{_libdir}/pki/tps
cp -p %{buildroot}%{_libexecdir}/tpsclient* %{buildroot}%{_libdir}/pki/tps
# create wrappers