NOTE: Due to the complexity of these patches, and as they are in
the midst of the review process, I would greatly appreciate it if no
more patches are applied to the 'master' until such time as all of
these patches may be checked in (to avoid any additional merge
conflicts).

This patch documents continued implementation of the PKI Deployment
Framework based upon the revised filesystem layout documented here:
This patch must be applied AFTER the following three
patches (for convenience, all four patches have been attached to this
email):
- [Patch] Port 'tomcatjss' from Tomcat 6 to Tomcat 7 . . .
- [PATCH] PKI Deployment Framework (20120716)
- [PATCH] PKI Deployment Framework Admin Certificate PKCS12 File
The following patch adds/corrects functionality of the existing PKI
Deployment Framework including (but not limited to):
- In 'catalina.properties', removed commented out jars for each
  of the subsystems in the 'common.loader'
- In 'server.xml', removed the line containing a '1'
- Moved all parameters from the [Mandatory] and [Optional]
  sections of the 'pkideployment.cfg' file to other more appropriate
  sections (e.g. - [Common], [CA], [KRA], etc.), and removed these
  sections and all of their associated logic from the 'pki-deploy'
  package
- Resolved Dogtag TRAC Ticket #225
  Dogtag 10: Move "pkispawn"/"pkidestroy" logs
- Removed all security domain references from external CA logic
- Added new 'pki_subsystem_name' parameter to
  'pkideployment.cfg' file, and applied logic throughout 'pki-deploy'
- Added new error message in the case of an unset DNS domain
  name, and replaced the log message with a simple print in the case
  of a 'domainname' exception
To test this patch, follow the procedure documented in "[PATCH]
PKI Deployment Framework Admin Certificate PKCS12 File".
NOTE: All patches listed above have been successfully tested on a
64-bit Fedora 17 host - there is one minor correction that will need
to be made to 'pkidestroy', as it failed to remove the instance
directory under '/var/log/pki'.