July 2014 - Pki-devel - Dogtag Pki List Archives

[PATCH] PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg

by Matthew Harmsen

Please review the attached patch for: * PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg <https://fedorahosted.org/pki/ticket/899> This patch is based upon a previously reviewed patch for the Dogtag 9 architecture utilized by the IPA_v2_RHEL_6_ERRATA_BRANCH, but was modified and tested to work with the Dogtag 10.2 architecture. CAVEAT 1: Although this patch contains changes to multiple PKI subsystem's 'CS.cfg' configuration files, an upgrade script should not be specifically required for legacy instances since the parameter that is added, 'archive.configuration_file=true', is presumed even if the parameter is missing (as it would be on any legacy instance). In this case, it would only be necessary to add this parameter to a legacy instance's CS.cfg, and set the value to 'false' in order to turn off 'CS.cfg' configuration file archival (explicit instructions detailing this are found in the 'operations' script). However, if this is desired for completeness, I don't mind adding it. CAVEAT 2: I had originally made the effort to attempt to have specific crucial WARNING messages echoed to the display as well as to the journal. I believe that this would be beneficial, as, for example, it would immediately notify an admin that since an error had occurred, 'CS.cfg' backups would be discontinued until the error was corrected. My idea was to echo these WARNING messages explicitly to stderr via redirecting them (>&2), and adding the parameter 'StandardError=journal+console' under the [Service] section of the 'pki-tomcatd(a)pki-tomcat.service' file. Unfortunately, I was never able to make this work - both stdout and stderr messages were stored in the journal, but were never displayed to the screen when typing 'systemctl restart pki-tomcatd(a)pki-tomcat.service' (even after a 'systemctl daemon-reload' had been performed). -- Matt

9 years, 9 months

4
5
0 / 0

replication of new/modified profiles

by Fraser Tweedale

Hi all, A requirement from the FreeIPA side is the ability to add and customise CA profiles. Dogtag's current profile creation behaviour writes the new profile to the filesystem beside the standard profiles (as well as making the appropriate update to the registry, etc.) There does not seem to be a mechanism to distribute new/modified profiles to replicas - though perhaps I have missed something. Because this behaviour is required, unless I have overlooked something or there is a better way (in which case please shout out), I think it makes sense to begin a design proposal for an LDAP-based profile store. Finally, a brief mention of some tickets related to profile storage that could be good to tackle simultaneously should the proposed change go ahead: - https://fedorahosted.org/pki/ticket/778 - https://fedorahosted.org/freeipa/ticket/4002

9 years, 9 months

5
23
0 / 0

[PATCH] 514 Refactored SystemCertClient.get_transport_cert().

by Endi Sukma Dewata

To simplify the usage, the SystemCertClient.get_transport_cert() has been modified to parse and decode the PEM certificate in CertData object, store the DER certificate back into the object, and return the CertData object to the client. This way the client will have access to the certificate attributes and both PEM and DER certificates. The PKIService.sendConditionalGetResponse() has been fixed to use the requested format. This is needed to display the transport certificate properly in the browser. Ticket #1062 -- Endi S. Dewata

9 years, 9 months

1
1
0 / 0

[PATCH] 513 Renamed CryptoUtil to CryptoProvider.

by Endi Sukma Dewata

The CryptoUtil classes in the Python client library has been renamed to CryptoProvider for consistency with the Java client library. The cryptoutil.py module has been renamed to crypto.py. Ticket #1042 The drmtest.py works fine with these changes. -- Endi S. Dewata

9 years, 9 months

3
3
0 / 0

[PATCH] PKI TRAC Ticket #832 - -Remove legacy 'systemctl' files . . .

by Matthew Harmsen

Please review the attached patch for: * PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . . <https://fedorahosted.org/pki/ticket/832> This patch has been tested with both GUI and non-GUI configurations.

9 years, 9 months

1
0
0 / 0

[PATCH] PKI TRAC Ticket #935 - patch to BtoA and AtoB to get ARM working

by Matthew Harmsen

Please review the attached patch (based upon what was provided by Marko Karg in Bugzilla Bug #1081916 - freeipa does not install on arm architecture <https://bugzilla.redhat.com/show_bug.cgi?id=1081916>) for the following TRAC ticket: * PKI TRAC Ticket #935 - patch to BtoA and AtoB to get ARM working <https://fedorahosted.org/pki/ticket/935> CAVEAT: To test this, all I did was add the code to the template and build on my 'x86_64' Fedora 20 machine. I extracted 'AtoB' and 'BtoA' and confirmed that they now include the 'armv7l' section, and although I have attempted to request an 'arm' machine to test this out, I have not yet been able to acquire a test machine, so I do not know if the 'arch' command actually returns 'armv7l'.

9 years, 9 months

3
2
0 / 0

[PATCH] 98 Allow users to provide input in a file to crate/modify a profile

by Abhishek Koneru

Please review the attached patch which adds methods that allow users to pass the profile data in a file. Also attached two sample xml files, original.xml and modified.xml. Place them in /tmp before running the profile.py module. Thanks, Abhishek

9 years, 9 months

3
9
0 / 0

[PATCH] 225 fixes to resolve build issues on rawhide

by Ade Lee

Changes to fix rawhide build - Removed dependency on removed internal junit class - moved cmake reference to junit4.jar to junit.jar - Disambiguate a couple of references In the interest of getting a build going on rawhide and because these changes are pretty uncontroversial, I have pushed these to master. Please speak up if there are any objections. Ade

9 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel July 2014