On Mon, Feb 21, 2005 at 09:52:05PM +0100, Piotr Wadas wrote:
> Date: Mon, 21 Feb 2005 21:52:05 +0100 (CET)
> From: Piotr Wadas <[EMAIL PROTECTED]>
> To: openca-devel@lists.sourceforge.net
> Subject: Re: [OpenCA-Devel] openca-configure produces no output
> 
> Hello,
> > Which automake package you have installed? I have automake1.7 and
> >don't remember any errors.
> I'd been using automake 1.4 when I was writing previous message, now
> I linked /etc/alternatives/automake to 1.9, and I have the same:
> [...]
> cd src/scep; aclocal -I . -I build
> aclocal: configure.in: 71: macro `AM_PROG_LIBTOOL' not found in library
> make[2]: *** [auto-scep] Error 1
> make[2]: Leaving directory `/root/OCA/openca-0.9.2.1'
> make[1]: *** [force-auto-files] Error 2
> make[1]: Leaving directory `/root/OCA/openca-0.9.2.1'
> make: *** [config.status] Error 2
> [...]
> 
> versions:
> ltmain.sh (GNU libtool 1.1467 2004/04/01 04:43:56) 1.5a
> autoconf (GNU Autoconf) 2.59
> automake (GNU automake) 1.9.5
> (gcc is 3.3.5, regarding with scep)

   Can you provide output of "apt-cache policy libtool autoconf"?

> 
> debian/rules after applying patch has no execute permission.
  That's because you are applying packages with patch and patch doesn't
know how to fix permissions :) Actually I proceeded as follows:

1. pulled openca-0.9 from CVS tag openca_0_9_2_1
2. copied directory openca-0.9 to openca-0.9.2.1
3. removed CVS dirs from openca-0.9.2.1 (actually you may export from
CVS instead of checkout, but I prefer to have CVS version which could be
easily updated). "cd openca-0.9.2.1; find . -type d -name CVS|xargs rm -rf"
4. made orig.tar.gz with "tar -cvf - openca-0.9.2.1|gzip -9 ->openca_0.9.2.1.orig.tar.gz"; note underscore, not dash.
5. applied debian diff and chmod-ed debian/rules to 0700
6. built packages with debuild. If you changed something in source tree,
then debuild will make a diff with your changes.

After that you'll have debian packages and sources of openca which could
be unpacked with dpkg-source.

> 
> However I tried creating packages with openca-0.9.2.1.tar.gz from
> main site download section, and from openca-0.9 (openca_0_9_2_1) from cvs 
> checkout as already mentioned by Ives as "bugfixed version".
> 
> >cvs head - in the meantime try this:
> >
> >      cvs checkout -P -r openca_0_9_2_1 openca-0.9
> 
> Anyway packages are built finally after fixing these above, and 
> configure_etc works without as expected. However I'm still not sure
> what about this "node" component - if I install from packages I create,
> I have one "node" component, but is it supposed to work with _all_ 
> components with the same config physically? I'd rather expect different
> node-management options for ca, ra, pub, ldap..
  You see, for example you have installed on one host pub and ldap
components. These components will use the same database so you need one
node interface for pub/ldap for data exchange. The other story is, that
I've installed openca-ca and openca-node and configured it, then node
interface provides links to ra/pub/ldap, but host is incorrect, because
in config.xml only one httpd host is configured. I think it could be
changed, but I didn't dig into it deep enough.

> In old examples and howtos I found there are separate node instances
> for each component, even in html guide there's a section entitled
> "4.2. How to setup two management interfaces on one server?"
> There are also some clues about tuning menu.xml to set up webpage
> menu options available for each component. How does it correspond
> with question about one node instance for all online and offline 
> components?
> I also noticed, that when I switch from component X to management node,
> I need to log on again (this will be probably solved when I switch to
> certificate-based authentication to OpenCA pages, instead of setting
> keylength to 0).
> I hope I'll figure out finally what's all about this management node 
> interface :).

  [ snip ]
  
> Short question is, how should I configure OpenCA in this case? I don't
> need separate admin for CA, RA, I even don't need RBAC. Anyway I have
> about 700 (seven hundred) of users, and I must have certificates and
> CSRs in some order, so built-in ca in openssl is not enough :(.
> So finally, how should I configure OpenCA/plan PKI in such case?

  That's a tough question, and IMHO depends on how much you care about
your CA key. In the very simple situation you may install all three
components on one machine, but if you misconfigure it or someone breaks
into it and your CA key goes away, your PKI also goes away.

  If you're the only PKI admin, I'd install CA/RA on one secure machine and
pub/ldap on another. Technically you could install all components on one
physical machine and run them in different http servers or SUexec apache
and I did it with very early versions of openca-0.9. Or run openca on
one machine, but in different UML instances. This is what I'm doing now,
playing around with openca in UML.

  Greetings

--
Alexei Chetroi
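
The tarball and permission steps (2 to 5) of the procedure in the message above, as an added shell example that is not part of the original e-mail or of OpenCA's own tooling. The function names are hypothetical, and it assumes the Debian diff applies with `patch -p1` from inside the source tree.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are
# hypothetical; package name and version are the ones used in the thread.

# make_orig_tarball SRC_DIR PACKAGE VERSION OUT_DIR
# Copies SRC_DIR to PACKAGE-VERSION (dash), strips CVS metadata directories
# from the copy, and writes PACKAGE_VERSION.orig.tar.gz (underscore) to
# OUT_DIR. The CVS working copy itself is left untouched.
make_orig_tarball() {
    src=$1 pkg=$2 ver=$3 out=$4
    work=$(mktemp -d) || return 1
    cp -R "$src" "$work/$pkg-$ver" || return 1
    # -prune keeps find from descending into a directory it is about to delete
    find "$work/$pkg-$ver" -type d -name CVS -prune -exec rm -rf {} + || return 1
    (cd "$work" && tar -cf - "$pkg-$ver" | gzip -9) \
        > "$out/${pkg}_${ver}.orig.tar.gz" || return 1
    rm -rf "$work"
    printf '%s\n' "$out/${pkg}_${ver}.orig.tar.gz"
}

# fix_rules_mode TREE
# A unified diff carries file contents only, so debian/rules created by
# patch is not executable. Set the mode explicitly (0700, as in step 5).
fix_rules_mode() {
    [ -f "$1/debian/rules" ] || return 1
    chmod 0700 "$1/debian/rules"
}

# apply_debian_diff TREE DIFF
# DIFF must be an absolute path to the uncompressed Debian diff.
# Assumption: the diff was made relative to the parent directory (-p1).
apply_debian_diff() {
    (cd "$1" && patch -p1 -s < "$2") || return 1
    fix_rules_mode "$1"
}

# Usage (paths are placeholders):
#   make_orig_tarball ./openca-0.9 openca 0.9.2.1 .
#   tar -xzf openca_0.9.2.1.orig.tar.gz
#   apply_debian_diff "$PWD/openca-0.9.2.1" "$PWD/openca.diff"
```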


