[PATCH] 103 Merged pki-native-tools and pki-java-tools.
by Endi Sukma Dewata
The pki-native-tools and pki-java-tools have been merged into
pki-tools and pki-server will depend on it. Since pki-ra and
pki-tps depends on pki-server they automatically depends on
pki-tools as well.
Ticket #295
--
Endi S. Dewata
12 years, 9 months
[PATCH] 102 Added pki-base and pki-server RPM packages.
by Endi Sukma Dewata
The pki-common package has been split such that the common and
client binaries are packaged in pki-base and server binaries are
packaged in pki-server. The pki-util has been merged into pki-base
and the pki-deploy package has been merged into pki-server.
Ticket #295
--
Endi S. Dewata
12 years, 9 months
What if I lose my IPA CA?
by Rob Crittenden
I can't find any documentation how we'd handle this in IPA, so before a
customer runs into it...
What happens if someone sets up multiple IPA servers and only has a CA
installed on one of them, and that server goes away forever for some
reason (they deleted the replica, horrific failure, etc)?
Let's also assume they saved the original CA PKCS#12 file.
Is there some mechanism to either stand up a new dogtag instance with
this CA's key? Would it be better to stand up a new server as a
subordinate of this CA?
I'm not entirely sure of the mechanics we'd use for either of these, but
its a start.
thanks
rob
12 years, 9 months
[PATCH] Verify Symbolic Links (Dogtag 9)
by Matthew Harmsen
This patch addresses the issue listed below for Dogtag 9:
* TRAC Ticket #301 - Need to modify init scripts to verify needed
symlinks in an instance
This patch has been tested and found to work successfully on 64-bit
Fedora 16 with SElinux in "Permissive" mode:
* Built and installed Dogtag 9 Packages on a 64-bit Fedora 16 host
* Installed and configured Dogtag 9 CA, KRA, OCSP, TKS, RA, and TPS
instances
* Tested attached symlinks patch on all subsystems (although I was
unable to get the configured TPS to restart -- successfully applied
logic from standalone test program)
12 years, 9 months
[PATCH] Verify Symbolic Links (Dogtag 10)
by Matthew Harmsen
The following patch attempts to address the issues expressed for the
complementary Dogtag 9 patch.
It should be understood that this has NOT been tested with any package
renames/location changes that may have been checked-in this morning, and
as such, the data may need to be changed and tested to comply with these
changes.
-- Matt
12 years, 9 months
[PATCH] 101 Fixed exceptions during shutdown.
by Endi Sukma Dewata
The shutdown() methods in several classes have been fixed to allow
more graceful shutdown. Null pointers are checked to avoid exception.
It's not necessary to empty container objects since they might still
be used by other threads and will be garbage collected eventually.
Ticket #247
--
Endi S. Dewata
12 years, 9 months
[PATCH] Verify Symbolic Links (Dogtag 10)
by Matthew Harmsen
This patch addresses the issue listed below for Dogtag 10:
* TRAC Ticket #301 - Need to modify init scripts to verify needed
symlinks in an instance
This patch has been tested and found to work successfully on 64-bit
Fedora 17 with SElinux in "Permissive" mode:
* Built and installed Dogtag 9 Packages on a 64-bit Fedora 17 host
* Installed and configured Dogtag 9 CA instance
* Successfully submitted an enrollment request, approved enrollment
request, issued certificate, and listed certificates
* Built and installed Dogtag 10 Packages on the same 64-bit Fedora 17 host
* Restarted Dogtag 9 CA instance (so that it was now running under
Dogtag 10)
* Successfully submitted an enrollment request and listed certificates
* Successfully approved the enrollment request and issued a
certificate AFTER:
o manually shutting down the CA instance,
o applying the CS.cfg fixes documented in "TRAC Ticket #303 -
Dogtag 10: CS.cfg parameters for Dogtag 9 instance running under
Dogtag 10 packages . . .", and
o restarting the CA instance)
12 years, 9 months
[PATCH] 49, 50, 52 - fix broken selinux on f16 (dogtag 9)
by Ade Lee
The last selinux changes checked into dogtag 9 resolved the following
bug for f17:
BZ 841966 : latest selinux policy fix breaks dogtag
Unfortunately, it also broke the pki-selinux policy in f16.
The following patches address this. They should be applied in order
(49,50,52) Basically, 49 reverts the previous change. 50 and 52 adds a
new patch that will be applied to the pki-selinux code for f17 only.
The new patch has already been uploaded, so you should be able to build.
Please review,
Thanks,
Ade
12 years, 10 months