On 06/16/2016 06:09 PM, Endi Sukma Dewata wrote:
The code has been modified to use the JAVA_HOME path specified in
the pki.conf.
The spec file has been modified to depend specifically on OpenJDK
1.8.0 and to provide the default JAVA_HOME path for the pki.conf.
Unused Tomcat 6 files have been removed.
https://fedorahosted.org/pki/ticket/2363
New patch #776-1 for a minor cleanup.
--
Endi S. Dewata
From a04266dd8360ca5fffcc9686e4ab88be02e0e584 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Thu, 16 Jun 2016 17:23:22 -0500
Subject: [PATCH] Fixed Java dependency.
The code has been modified to use the JAVA_HOME path specified in
the pki.conf.
The spec file has been modified to depend specifically on OpenJDK
1.8.0 and to provide the default JAVA_HOME path for the pki.conf.
https://fedorahosted.org/pki/ticket/2363
---
base/common/share/etc/pki.conf | 3 +++
base/java-tools/bin/pki | 8 +++++++-
base/java-tools/templates/pki_java_command_wrapper.in | 11 +++++++----
.../templates/pretty_print_cert_command_wrapper.in | 8 +++++++-
.../templates/pretty_print_crl_command_wrapper.in | 8 +++++++-
base/server/etc/default.cfg | 2 ++
base/server/python/pki/server/deployment/pkihelper.py | 5 ++++-
base/server/python/pki/server/deployment/pkiparser.py | 12 +++++++++++-
.../pki/server/deployment/scriptlets/instance_layout.py | 12 ++++++++++++
.../server/deployment/scriptlets/slot_substitution.py | 8 --------
base/server/scripts/operations | 12 ++++++++----
base/server/share/conf/tomcat.conf | 16 ++++------------
.../server/upgrade/10.1.99/02-ReplaceJettisonWithJackson | 2 +-
base/server/upgrade/10.1.99/03-AddedRESTEasyClient | 2 +-
specs/pki-core.spec | 11 +++++------
15 files changed, 79 insertions(+), 41 deletions(-)
diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
index 57cb83e5a5087f4d8efea2743a1b3b7cc95c0489..f43d9148c614d8f5ed3b288e02942910d5104807 100644
--- a/base/common/share/etc/pki.conf
+++ b/base/common/share/etc/pki.conf
@@ -1,3 +1,6 @@
+# Java home
+JAVA_HOME=${JAVA_HOME}
+
# JNI jar file location
JNI_JAR_DIR=/usr/lib/java
diff --git a/base/java-tools/bin/pki b/base/java-tools/bin/pki
index 88490f7dad0093cc49f954d3a71d27f2e7fd085d..c9170831b88d88d75e077a1284d6de14c616c2f5 100644
--- a/base/java-tools/bin/pki
+++ b/base/java-tools/bin/pki
@@ -70,6 +70,12 @@ class PKICLI(pki.cli.CLI):
def execute_java(self, args, stdout=sys.stdout):
+ # read Java home
+ value = subprocess.check_output(
+ '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $JAVA_HOME',
+ shell=True)
+ java_home = value.decode(sys.getfilesystemencoding()).strip()
+
# read RESTEasy library path
value = subprocess.check_output(
'. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $RESTEASY_LIB',
@@ -117,7 +123,7 @@ class PKICLI(pki.cli.CLI):
]
cmd = [
- 'java',
+ java_home + '/bin/java',
'-cp',
':'.join(classpath),
'-Djava.util.logging.config.file=' + logging_config,
diff --git a/base/java-tools/templates/pki_java_command_wrapper.in b/base/java-tools/templates/pki_java_command_wrapper.in
index c6dfc64092608373eb57c5bc025626260d29dcb5..fcf3b3a2e1c433cb1ea5bbbd26e4a34290bdacd0 100644
--- a/base/java-tools/templates/pki_java_command_wrapper.in
+++ b/base/java-tools/templates/pki_java_command_wrapper.in
@@ -19,6 +19,12 @@
# --- END COPYRIGHT BLOCK ---
#
+# Read default PKI configuration.
+. /usr/share/pki/etc/pki.conf
+
+# Read user-defined PKI configuration.
+. /etc/pki/pki.conf
+
# Check to insure that this script's original invocation directory
# has not been deleted!
CWD=`/bin/pwd > /dev/null 2>&1`
@@ -68,7 +74,7 @@ OS=`uname -s`
if [ "${OS}" = "Linux" ] ; then
ARCHITECTURE=`arch`
- JAVA="java"
+ JAVA="${JAVA_HOME}/bin/java"
JAVA_OPTIONS=""
elif [ "${OS}" = "SunOS" ] ; then
ARCHITECTURE=`uname -p`
@@ -110,7 +116,6 @@ fi
## order this command wrapper uses to find jar files. ##
###############################################################################
-JNI_JAR_DIR=`. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $JNI_JAR_DIR`
CP=${JNI_JAR_DIR}/jss4.jar
CP=/usr/share/java/commons-cli.jar:${CP}
CP=/usr/share/java/commons-codec.jar:${CP}
@@ -124,8 +129,6 @@ CP=/usr/share/java/${PRODUCT}/pki-cmsutil.jar:${CP}
CP=/usr/share/java/${PRODUCT}/pki-tools.jar:${CP}
export CP
-LOGGING_CONFIG=`. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $LOGGING_CONFIG`
-
###############################################################################
## (6) Execute the java command specified by this java command wrapper ##
## based upon the preset LD_LIBRARY_PATH and CP environment variables. ##
diff --git a/base/java-tools/templates/pretty_print_cert_command_wrapper.in b/base/java-tools/templates/pretty_print_cert_command_wrapper.in
index 6dc86de27d4536239347bd6f47e6628745ec627f..63451d0c50be5fb711b449e71cbee9e13745a237 100644
--- a/base/java-tools/templates/pretty_print_cert_command_wrapper.in
+++ b/base/java-tools/templates/pretty_print_cert_command_wrapper.in
@@ -19,6 +19,12 @@
# --- END COPYRIGHT BLOCK ---
#
+# Read default PKI configuration.
+. /usr/share/pki/etc/pki.conf
+
+# Read user-defined PKI configuration.
+. /etc/pki/pki.conf
+
# Check to insure that this script's original invocation directory
# has not been deleted!
CWD=`/bin/pwd > /dev/null 2>&1`
@@ -68,7 +74,7 @@ OS=`uname -s`
if [ "${OS}" = "Linux" ] ; then
ARCHITECTURE=`arch`
- JAVA="java"
+ JAVA="${JAVA_HOME}/bin/java"
JAVA_OPTIONS=""
elif [ "${OS}" = "SunOS" ] ; then
ARCHITECTURE=`uname -p`
diff --git a/base/java-tools/templates/pretty_print_crl_command_wrapper.in b/base/java-tools/templates/pretty_print_crl_command_wrapper.in
index 2a74d4d609527e4d824b7f54a6169ab4ea747323..0c518ced3d89ebc9c2a4034e5799299a10536a13 100644
--- a/base/java-tools/templates/pretty_print_crl_command_wrapper.in
+++ b/base/java-tools/templates/pretty_print_crl_command_wrapper.in
@@ -19,6 +19,12 @@
# --- END COPYRIGHT BLOCK ---
#
+# Read default PKI configuration.
+. /usr/share/pki/etc/pki.conf
+
+# Read user-defined PKI configuration.
+. /etc/pki/pki.conf
+
# Check to insure that this script's original invocation directory
# has not been deleted!
CWD=`/bin/pwd > /dev/null 2>&1`
@@ -68,7 +74,7 @@ OS=`uname -s`
if [ "${OS}" = "Linux" ] ; then
ARCHITECTURE=`arch`
- JAVA="java"
+ JAVA="${JAVA_HOME}/bin/java"
JAVA_OPTIONS=""
elif [ "${OS}" = "SunOS" ] ; then
ARCHITECTURE=`uname -p`
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index 2cb887d09f9dfef7484df6aa796147bc2691f2ed..aa97e1fe621ed52dbae2cd945c4b2f450091a7b6 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -11,6 +11,8 @@
###############################################################################
[DEFAULT]
+JAVA_HOME=%(java_home)s
+
# The sensitive_parameters contains a list of parameters which may contain
# sensitive information which must not be displayed to the console nor stored
# in log files for security reasons.
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 1be984d12a051794b4e2c7fa242c4f74997acd41..0145b4926f7a4a565c56a57f07ca29913266735f 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -1818,7 +1818,10 @@ class File:
except KeyError:
# undefined parameter, skip
- pass
+ config.pki_log.debug(
+ 'ignoring slot [%s]',
+ line[begin:end + 1],
+ extra=config.PKI_INDENTATION_LEVEL_3)
# find the next parameter in the remainder of the line
begin = line.find('[', end + 1)
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index fb569d0d7042ec514888f15a9e9d76c25879b9e8..b1fc21310750625d3b33c7fb3b069b6ee602b808 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -170,9 +170,18 @@ class PKIConfigParser:
def init_config(self):
+ java_home = subprocess.check_output(
+ '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf '
+ '&& echo $JAVA_HOME',
+ shell=True)
+ java_home = java_home.decode(sys.getfilesystemencoding())
+ # workaround for pylint error E1103
+ java_home = java_home.strip()
+
# RESTEasy
resteasy_lib = subprocess.check_output(
- '. /etc/pki/pki.conf && echo $RESTEASY_LIB',
+ '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf '
+ '&& echo $RESTEASY_LIB',
shell=True)
resteasy_lib = resteasy_lib.decode(sys.getfilesystemencoding())
# workaround for pylint error E1103
@@ -203,6 +212,7 @@ class PKIConfigParser:
'pki_subsystem': config.pki_subsystem,
'pki_subsystem_type': config.pki_subsystem.lower(),
'pki_root_prefix': config.pki_root_prefix,
+ 'java_home': java_home,
'resteasy_lib': resteasy_lib,
'jni_jar_dir': jni_jar_dir,
'home_dir': os.path.expanduser("~"),
diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py
index 98d82ff98d9cb40e1ee2116250b8271b04be868f..57f8537e0ba0c9739bf412291b0d40e52f989591 100644
--- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py
+++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py
@@ -55,6 +55,18 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
deployer.mdict['pki_instance_configuration_path'],
ignore_cb=file_ignore_callback_src_server)
+ # create /etc/sysconfig/<instance>
+ deployer.file.copy_with_slot_substitution(
+ deployer.mdict['pki_source_tomcat_conf'],
+ deployer.mdict['pki_target_tomcat_conf_instance_id'],
+ uid=0, gid=0, overwrite_flag=True)
+
+ # create /var/lib/pki/<instance>/conf/tomcat.conf
+ deployer.file.copy_with_slot_substitution(
+ deployer.mdict['pki_source_tomcat_conf'],
+ deployer.mdict['pki_target_tomcat_conf'],
+ overwrite_flag=True)
+
# Deploy ROOT web application
deployer.deploy_webapp(
"ROOT",
diff --git a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py
index 1e85e44da28bb49a656ed4bf37abc87838eb2591..462a682f77d41082f61d725b665e68dc945823ef 100644
--- a/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py
+++ b/base/server/python/pki/server/deployment/scriptlets/slot_substitution.py
@@ -61,14 +61,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
deployer.mdict['pki_source_context_xml'],
deployer.mdict['pki_target_context_xml'],
overwrite_flag=True)
- deployer.file.copy_with_slot_substitution(
- deployer.mdict['pki_source_tomcat_conf'],
- deployer.mdict['pki_target_tomcat_conf_instance_id'],
- uid=0, gid=0, overwrite_flag=True)
- deployer.file.copy_with_slot_substitution(
- deployer.mdict['pki_source_tomcat_conf'],
- deployer.mdict['pki_target_tomcat_conf'],
- overwrite_flag=True)
if deployer.mdict['pki_subsystem'] == "CA":
deployer.file.copy_with_slot_substitution(
diff --git a/base/server/scripts/operations b/base/server/scripts/operations
index cbd329a0d4760274aea2bd6d83efa3f03313eb2d..14443c4a5251c8f5405dc8abf2146e2b45fae0c7 100644
--- a/base/server/scripts/operations
+++ b/base/server/scripts/operations
@@ -30,9 +30,11 @@
# 200-254 reserved
#
-if [ -f /etc/pki/pki.conf ] ; then
- . /etc/pki/pki.conf
-fi
+# Read default PKI configuration.
+. /usr/share/pki/etc/pki.conf
+
+# Read user-defined PKI configuration.
+. /etc/pki/pki.conf
default_error=0
@@ -920,7 +922,7 @@ verify_symlinks()
jni_jar_dir="/usr/share/java"
tomcat_dir="/usr/share/tomcat7"
else
- jni_jar_dir=`. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $JNI_JAR_DIR`
+ jni_jar_dir="$JNI_JAR_DIR"
tomcat_dir="/usr/share/tomcat"
fi
@@ -1426,6 +1428,7 @@ find_openjdks()
# function used by debian to set JAVA_HOME
# taken from /etc/init.d/tomcat7
+# TODO: get JAVA_HOME for Debian from pki.conf
set_java_home()
{
find_openjdks
@@ -1439,6 +1442,7 @@ set_java_home()
JAVA_HOME="$jdir"
fi
done
+
export JAVA_HOME
}
diff --git a/base/server/share/conf/tomcat.conf b/base/server/share/conf/tomcat.conf
index 83a6cf1e6b1cbde2a2f21165f6bef89601c93a37..bd2359c8b6bc0da4e7ccdc957b1e354ee45149cd 100644
--- a/base/server/share/conf/tomcat.conf
+++ b/base/server/share/conf/tomcat.conf
@@ -4,23 +4,15 @@
# Modifications: configuration parameters
# --- END COPYRIGHT BLOCK ---
-# System-wide configuration file for tomcat services
-# This will be sourced by tomcat and any secondary service
-# Values will be overridden by service-specific configuration
-# files in /etc/sysconfig
-#
-# Use this one to change default values for all services
-# Change the service specific ones to affect only one service
-# (see, for instance, /etc/sysconfig/tomcat)
-#
+# This file contains instance-specific configuration.
# Where your java installation lives
-#JAVA_HOME="/usr/lib/jvm/jre"
+JAVA_HOME="[JAVA_HOME]"
# Where your tomcat installation lives
CATALINA_BASE="[PKI_INSTANCE_PATH]"
-#CATALINA_HOME="/usr/share/tomcat"
-#JASPER_HOME="/usr/share/tomcat"
+
+# Instance tmp dir
CATALINA_TMPDIR=[PKI_TMPDIR]
# NOTE: JAVA_OPTS is now only read once. All desired settings must be concatenated
diff --git a/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson b/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson
index 9926b60bfc95b823ea43308ab923d60d718dac8c..c08fbfa11035c5c8e1ff7bee6af64c33724a9213 100755
--- a/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson
+++ b/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson
@@ -40,7 +40,7 @@ class ReplaceJettisonWithJackson(pki.server.upgrade.PKIServerUpgradeScriptlet):
# RESTEasy library
resteasy_lib = subprocess.check_output(
- '. /etc/pki/pki.conf && echo $RESTEASY_LIB',
+ '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $RESTEASY_LIB',
shell=True)
resteasy_lib = resteasy_lib.decode(sys.getfilesystemencoding())
# workaround for pylint error E1103
diff --git a/base/server/upgrade/10.1.99/03-AddedRESTEasyClient b/base/server/upgrade/10.1.99/03-AddedRESTEasyClient
index c38e0a62fa16229320f94d5a40266e79de60ed8f..245ad3a32c442df94bfe82ed9b80ca3675e4ebbe 100755
--- a/base/server/upgrade/10.1.99/03-AddedRESTEasyClient
+++ b/base/server/upgrade/10.1.99/03-AddedRESTEasyClient
@@ -40,7 +40,7 @@ class AddedRESTEasyClient(pki.server.upgrade.PKIServerUpgradeScriptlet):
# RESTEasy library
resteasy_lib = subprocess.check_output(
- '. /etc/pki/pki.conf && echo $RESTEASY_LIB',
+ '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $RESTEASY_LIB',
shell=True)
resteasy_lib = resteasy_lib.decode(sys.getfilesystemencoding())
# workaround for pylint error E1103
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 63eee80945a03d2d85c1eb8d1ad76d8b3c208094..5574c839954730499a8084ff054d4853cf580ef2 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -20,6 +20,9 @@
%global package_fedora_packages 1
%endif
+# Java
+%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
+
# Tomcat
%if 0%{?fedora} >= 23
%define with_tomcat7 0
@@ -65,12 +68,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: cmake >= 2.8.9-1
BuildRequires: zip
-%if 0%{?rhel}
-# HACK: RHEL builds currently suppress 'Provides: java-devel' . . .
BuildRequires: java-1.8.0-openjdk-devel
-%else
-BuildRequires: java-devel >= 1:1.8.0
-%endif
BuildRequires: redhat-rpm-config
BuildRequires: ldapjdk
BuildRequires: apache-commons-cli
@@ -286,7 +284,7 @@ least one PKI Theme package: \
Summary: Symmetric Key JNI Package
Group: System Environment/Libraries
-Requires: java-headless >= 1:1.8.0
+Requires: java-1.8.0-openjdk-headless
Requires: nss
Requires: jpackage-utils >= 0:1.7.5-10
Requires: jss >= 4.2.6-40
@@ -771,6 +769,7 @@ cd build
%cmake -DVERSION=%{version}-%{release} \
-DVAR_INSTALL_DIR:PATH=/var \
-DBUILD_PKI_CORE:BOOL=ON \
+ -DJAVA_HOME=%{java_home} \
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
%if %{version_phase}
--
2.4.11
_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel
