May 2012 - Pki-devel - Dogtag Pki List Archives

[PATCH] pki-vakwetu-0032-BZ-819111-non-existent-container breaks replication

by Ade Lee

We recently moved the replication user to ou=cmsuser, cn=config, rather than simply cn=config. This breaks replication to older users. Code has been added to the replication setup code to create the needed container on the master server if it does not exist. This is the fix for dogtag 10. A similar fix will be applied to dogtag 9. Please review, Ade

11 years, 11 months

2
2
0 / 0

[PATCH] PKI Deployment Framework

by Matthew Harmsen

Please review and provide an ACK for the attached patch. This patch attempts to continue implementation of the PKI Deployment Framework based upon the revised filesystem layout documented here: * http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_... The following patch adds/corrects functionality of the existing PKI Deployment Framework including (but not limited to): * Massaged logic to comply with PKI subsystems running within a shared instance * Developed code to take advantage of a single shared NSS security database model * Completed the following two 'scriptlets': o Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/146) o Dogtag 10: Python 'security_databases.py' Installation Scriptlet (https://fedorahosted.org/pki/ticket/136) * Created several additional PKI deployment helper utilities. After being installed on a FRESH system, this code can be tested by running the following command-line examples (as 'root' or 'sudo'): * mkdir /tmp/pki * sudo pkispawn -s CA -p /tmp/pki -v --dry_run * sudo pkispawn -s CA -p /tmp/pki -v * sudo pkispawn -s CA -p /tmp/pki -u -v --dry_run * sudo pkispawn -s CA -p /tmp/pki -u -v * sudo pkidestroy -s CA -p /tmp/pki -v --dry_run * sudo pkidestroy -s CA -p /tmp/pki -v For the most part, this code ONLY affects the un-released 'pki-deploy' package, so check-in of these changes should not harm the existing source in any way. The exceptions to this are changes to the following three previously existing files: * base/ca/shared/conf/CS.cfg.in * base/ra/apache/conf/httpd.conf * base/tps/apache/conf/httpd.conf and the addition of the following new qqfour files to account for the eventual move to Tomcat 7: * base/ca/shared/conf/tomcat.conf * base/kra/shared/conf/tomcat.conf * base/ocsp/shared/conf/tomcat.conf * base/tks/shared/conf/tomcat.conf Thanks in advance, -- Matt

11 years, 11 months

1
0
0 / 0

[pki-devel][Patch] 0001-JNDI-realm-enhancement-to-handle-multiple-entry-ACLs.patch

by John Magne

Simple patch to allow the PKIJNDI realm to handle multi-entry ACLs. Ticket #123

11 years, 11 months

2
3
0 / 0

patches for review - Bug 744207 - Key archival fails when KRA is configured with lunasa

by Christina Fu

Please review the following patches for *Bug 744207* <https://bugzilla.redhat.com/show_bug.cgi?id=744207> -Key archival fails when KRA is configured with lunasa: JSS: https://bugzilla.redhat.com/attachment.cgi?id=581108&action=diff&context=... DRM/KRA: https://bugzilla.redhat.com/attachment.cgi?id=581109&action=diff&context=... The JSS patch alone allows key archival (both RSA and ECC) to work with lunasa token where the lunasa token has to be KE-capable. Work done specifically on the following model: Model: Luna SA v5 w/ PED auth and CKE Part No: 908-000093-001 The DRM/KRA patch are just some debugging to make recovery debugging easier with an addition of non-static salt. The recovery is not working currently, failing with wrapping operation during PBE creation: *Bug 817423* <https://bugzilla.redhat.com/show_bug.cgi?id=817423> -Key recovery fails when KRA is configured with lunasa which will be fixed at a later time. To test these patches for key archival on the said model of lunasa, one must turn on the prototype mode for recovery. thanks, Christina

11 years, 12 months

2
2
0 / 0

patch for review - Bug 640046 - TPS installation wizard: unsupported module not logged in with password in password.conf

by Christina Fu

Please review the following patch for the bug: *Bug 640046* <https://bugzilla.redhat.com/show_bug.cgi?id=640046> -TPS installation wizard: unsupported module not logged in with password in password.conf tps-ui: https://bugzilla.redhat.com/attachment.cgi?id=581291&action=diff&context=... This patch allows config panel ModulePanel to log into "Other Modules" (unsupported modules). Also to note: the modules modules appear to be stored in pwcache.conf, not password.conf. thanks, Christina

11 years, 12 months

2
2
0 / 0

PATCH 0029 - RESTful servlet to configure system in a single servlet

by Ade Lee

Please review: New RESTful servlet that does system configuration in a single servlet. Installation code common to the panels and the installation servlet are extracted to a ConfigurationUtils file. The panel code will be cleaned up to use the code in this class in a later commit. Contains restful client and test driver code. The test driver code should be modified and placed in a junit/system test framework. Installation has been tested to work with the following installations: master CA, clone CA, KRA, OCSP, TKS, subordinate CA, CA signed by external CA (parts 1 and 2). Ticket #155 Thanks, Ade

11 years, 12 months

2
3
0 / 0

[PATCH] patches 30/31 to refactor installation panels

by Ade Lee

Common code has been moved to ConfigurationUtils. These patches refactor the existing installation servlets to use that common code. (So lots of now duplicate code being deleted). I think this makes the code a lot simpler to follow. In addition, a bunch of obsolete servlets have been removed in patch 31. Installations have been tested in the following scenarios: ca, clone ca, ca subordinate to external ca, kra, ocsp, tks. The patches need to be rebased on top of patch 29 -- which I plan to check in in any case. Ade

11 years, 12 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel May 2012