Please review and provide an ACK for the attached patch.
This patch attempts to continue implementation of the PKI
Deployment Framework based upon the revised filesystem layout
documented here:
The following patch adds/corrects functionality of the existing
PKI Deployment Framework including (but not limited to):
- Massaged logic to comply with PKI subsystems running within a shared instance
- Developed code to take advantage of a single shared NSS security database model
- Completed the following two 'scriptlets':
- Created several additional PKI deployment helper utilities.
After being installed on a FRESH system, this code can be tested
by running the following command-line examples (as 'root' or
'sudo'):
- mkdir /tmp/pki
- sudo pkispawn -s CA -p /tmp/pki -v --dry_run
- sudo pkispawn -s CA -p /tmp/pki -v
- sudo pkispawn -s CA -p /tmp/pki -u -v --dry_run
- sudo pkispawn -s CA -p /tmp/pki -u -v
- sudo pkidestroy -s CA -p /tmp/pki -v --dry_run
- sudo pkidestroy -s CA -p /tmp/pki -v
For the most part, this code ONLY affects the un-released
'pki-deploy' package, so check-in of these changes should not harm
the existing source in any way.
The exceptions to this are changes to the following three
previously existing files:
- base/ca/shared/conf/CS.cfg.in
- base/ra/apache/conf/httpd.conf
- base/tps/apache/conf/httpd.conf
and the addition of the following four new files to account
for the eventual move to Tomcat 7:
- base/ca/shared/conf/tomcat.conf
- base/kra/shared/conf/tomcat.conf
- base/ocsp/shared/conf/tomcat.conf
- base/tks/shared/conf/tomcat.conf
Thanks in advance,
-- Matt