Re: [Pki-devel] [pki-devel][PATCH] 0077-Make-starting-CRL-Number-configurable.patch
Verbally acked by edewata thanks! : pushed to master
Closing ticket: #2406

----- Original Message -----
> From: "John Magne"
> To: "pki-devel"
> Sent: Wednesday, July 27, 2016 11:53:34 AM
> Subject: [Pki-devel] [pki-devel][PATCH]
> 0077-Make-starting-CRL-Number-configurable.patch
>
> Make starting CRL Number configurable.
>
> Ticket #2406 Make starting CRL Number configurable
>
> This simple patch provides a pkispawn config param that passes
> some starting crl number value to the config process.
>
> Here is a sample:
>
> [CA]
> pki_ca_starting_crl_number=4000
>
> After the CA comes up the value of "crlNumber" in the db will
> reflect that value of 4000.
>
> Currently no other values are changed. We can talk about if we
> need more values reset in the given case.
>
> Also, this creates a setting in the CS.cfg
>
> ca.crl.MasterCrl.startingCrlNumber=4000
>
> This setting is only consulted when the crl Issuing Point record is created
> for the first time.
>
> ___
> Pki-devel mailing list
> Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
Re: [Pki-devel] [PATCH] Fix NumberFormatException for tps-cert-find when given non integer value to size and start option
Geetika,

Yes, more info would be helpful. I have some comments below.

On 7/27/2016 7:37 AM, Geetika Kapoor wrote:
> Hi,
>
> I tried to fix NumberFormatException when I did tps-cert-find with non-integer/invalid range value for size and start. I was doing testing for tps-cert and then I came across this. I thought giving some additional info to users in place of numberformat. I have done similar fix on rhel7 compile it and make a jar and test on rhel7. I can share that patch if needed. Below are the test result.
>
> Before fix testing:
>
> 1. pki -h pki1.example.com -p 25080 tps-cert-find --start "gy"
> NumberFormatException: For input string: "gy"
> 2. pki -h pki1.example.com -p 25080 tps-cert-find --size "gy"
> NumberFormatException: For input string: "gy"
> 3. pki -p 25080 tps-cert-find --start 178999
> NumberFormatException: For input string: "178999"
>
> After fix testing:
>
> 1. [root@pki1 ~]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 25080 tps-cert-find --start "gy"
> Error: Enter valid integer value for size/start option
> usage: tps-cert-find [FILTER] [OPTIONS...]
>     --help Show help options
>     --size Page size
>     --start Page start
>     --token Token ID

I think it would be useful to show the user which parameter has the invalid value and also the invalid value itself, so something like this:

Error: Invalid value for --start parameter: gy

> 2. [root@pki1 ~]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 25080 tps-cert-find --size "hy"
> Error: Enter valid integer value for size/start option
> usage: tps-cert-find [FILTER] [OPTIONS...]
>     --help Show help options
>     --size Page size
>     --start Page start
>     --token Token ID

Same thing here:

Error: Invalid value for --size parameter: hy

So you may need to create separate try-catch blocks for each parameter.

Another thing, I'm not sure if we should display the command usage after the failure. The usage could be very long and it may obscure the error message. The error message itself should be sufficient to fix the problem, and if needed the user can see the usage using --help parameter. We probably can display something like this after the error message (replace with the actual command name):

Try 'pki --help' for more information.

One more thing, please preserve the formatting of the existing code. We use 4 spaces instead of tabs for indentation.

Thanks.

--
Endi S. Dewata
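The error handling suggested in the reply above, as an added example (not code from the patch or from the PKI project). `parseIntOption` and `check` are hypothetical names, and the option map stands in for the CLI's parsed command line.

```java
import java.util.HashMap;
import java.util.Map;

class PagingOptions {

    // Hypothetical helper: null when the option is absent, the parsed value
    // otherwise. A bad value is reported with the option name and the value.
    static Integer parseIntOption(String name, String value) {
        if (value == null) return null;
        try {
            return Integer.valueOf(value);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException(
                    "Invalid value for --" + name + " parameter: " + value, e);
        }
    }

    // Parses only the options. The server call would follow outside this
    // method so that its failures are not reported as option errors.
    static String check(String command, Map<String, String> options) {
        try {
            Integer start = parseIntOption("start", options.get("start"));
            Integer size = parseIntOption("size", options.get("size"));
            return "OK: start=" + start + ", size=" + size;
        } catch (IllegalArgumentException e) {
            // Short error plus a pointer to --help instead of the full usage.
            return "Error: " + e.getMessage() + "\n"
                    + "Try 'pki " + command + " --help' for more information.";
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs modelled on the test cases in the thread,
        // plus one value that is numeric but outside the Integer range.
        String[][] cases = { {"start", "gy"}, {"size", "hy"}, {"start", "1"},
                             {"size", "99999999999"} };
        for (String[] c : cases) {
            Map<String, String> options = new HashMap<>();
            options.put(c[0], c[1]);
            System.out.println(check("tps-cert-find", options));
        }
    }
}
```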
[Pki-devel] [PATCH] 803 Fixed SELinux contexts.
The deployment tool has been modified to set up SELinux contexts after all instance files have been created to ensure they have the correct contexts. An upgrade script has been added to fix existing instances. https://fedorahosted.org/pki/ticket/2421 -- Endi S. Dewata >From e82d59dd702390111ee7b9bd2aab512e2c850aeb Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"Date: Wed, 27 Jul 2016 19:51:37 +0200 Subject: [PATCH] Fixed SELinux contexts. The deployment tool has been modified to set up SELinux contexts after all instance files have been created to ensure they have the correct contexts. An upgrade script has been added to fix existing instances. https://fedorahosted.org/pki/ticket/2421 --- base/server/etc/default.cfg | 2 +- base/server/python/pki/server/__init__.py| 7 - base/server/upgrade/10.3.5/02-FixSELinuxContexts | 36 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 base/server/upgrade/10.3.5/02-FixSELinuxContexts diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index 4919cb46d0088d29cb23fea179469a822f60bac7..8504c5129f9494457b7591e099bdcf1b0ff1b66c 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -39,10 +39,10 @@ spawn_scriplets= infrastructure_layout instance_layout subsystem_layout -selinux_setup webapp_deployment slot_substitution security_databases +selinux_setup configuration finalization diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py index 03bb225dca48b396c342af50fab421491d052622..13b3258580e6536cea2b99ad9955ae8ff2e32de5 100644 --- a/base/server/python/pki/server/__init__.py +++ b/base/server/python/pki/server/__init__.py @@ -39,7 +39,10 @@ import pki.nssdb import pki.util INSTANCE_BASE_DIR = '/var/lib/pki' +CONFIG_BASE_DIR = '/etc/pki' +LOG_BASE_DIR = '/var/log/pki' REGISTRY_DIR = '/etc/sysconfig/pki' + SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps'] SUBSYSTEM_CLASSES = {} 
@@ -476,7 +479,9 @@ class PKIInstance(object): else: self.base_dir = os.path.join(pki.BASE_DIR, name) -self.conf_dir = os.path.join(self.base_dir, 'conf') +self.conf_dir = os.path.join(CONFIG_BASE_DIR, name) +self.log_dir = os.path.join(LOG_BASE_DIR, name) + self.password_conf = os.path.join(self.conf_dir, 'password.conf') self.external_certs_conf = os.path.join( self.conf_dir, 'external_certs.conf') diff --git a/base/server/upgrade/10.3.5/02-FixSELinuxContexts b/base/server/upgrade/10.3.5/02-FixSELinuxContexts new file mode 100644 index ..f3d981efac5d69515387b424ac6e04733f5e3a7d --- /dev/null +++ b/base/server/upgrade/10.3.5/02-FixSELinuxContexts 
@@ -0,0 +1,36 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2016 Red Hat, Inc. +# All rights reserved. + +from __future__ import absolute_import +import selinux +import pki.server.upgrade + + +class FixSELinuxContexts(pki.server.upgrade.PKIServerUpgradeScriptlet): + +def __init__(self): +super(FixSELinuxContexts, self).__init__() +self.message = 'Fix SELinux contexts' + +def upgrade_instance(self, instance): + +selinux.restorecon(instance.base_dir, True) +selinux.restorecon(instance.conf_dir, True) +selinux.restorecon(instance.log_dir, True) -- 2.5.5 ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
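Review bot: in the PKIInstance hunk of base/server/python/pki/server/__init__.py, conf_dir and log_dir are now built unconditionally from CONFIG_BASE_DIR and LOG_BASE_DIR, while base_dir just above is still chosen in an if/else. If the branch not shown in the context uses a different instance layout, /etc/pki/<name> and /var/log/pki/<name> may not exist for it, and password.conf and external_certs.conf, both derived from conf_dir, would resolve to the wrong place. Set conf_dir and log_dir in the same branches as base_dir, or add a comment stating that both layouts share these paths. The commit message also only mentions SELinux contexts, so the conf_dir change deserves a line there.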
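Review bot: upgrade_instance() in 02-FixSELinuxContexts calls selinux.restorecon() on base_dir, conf_dir and log_dir with no check that SELinux is enabled or that each path exists, so an error from any of the three calls propagates out of the scriptlet and the remaining paths are never relabelled. Guard the method with selinux.is_selinux_enabled(), skip paths for which os.path.exists() is false, and document in a comment why all three directories are relabelled separately rather than relying on the recursive call on base_dir.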
[Pki-devel] [PATCH] 802 Added upgrade scripts to fix server library.
An upgrade script has been added to replace the /common in existing instances with a link to /usr/share/pki/server/common which contains links to server dependencies. https://fedorahosted.org/pki/ticket/2403 -- Endi S. Dewata >From d9f054449015c69e93eb2cdad6377c7073e97812 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"Date: Sun, 24 Jul 2016 07:36:36 +0200 Subject: [PATCH] Added upgrade scripts to fix server library. An upgrade script has been added to replace the /common in existing instances with a link to /usr/share/pki/server/common which contains links to server dependencies. https://fedorahosted.org/pki/ticket/2403 --- base/common/upgrade/10.3.4/.gitignore | 4 +++ base/common/upgrade/10.3.5/.gitignore | 4 +++ base/server/upgrade/10.3.4/.gitignore | 4 +++ base/server/upgrade/10.3.5/01-FixServerLibrary | 46 ++ 4 files changed, 58 insertions(+) create mode 100644 base/common/upgrade/10.3.4/.gitignore create mode 100644 base/common/upgrade/10.3.5/.gitignore create mode 100644 base/server/upgrade/10.3.4/.gitignore create mode 100644 base/server/upgrade/10.3.5/01-FixServerLibrary diff --git a/base/common/upgrade/10.3.4/.gitignore b/base/common/upgrade/10.3.4/.gitignore new file mode 100644 index ..5e7d2734cfc60289debf74293817c0a8f572ff32 --- /dev/null +++ b/base/common/upgrade/10.3.4/.gitignore @@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/base/common/upgrade/10.3.5/.gitignore b/base/common/upgrade/10.3.5/.gitignore new file mode 100644 index ..5e7d2734cfc60289debf74293817c0a8f572ff32 --- /dev/null +++ b/base/common/upgrade/10.3.5/.gitignore @@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/base/server/upgrade/10.3.4/.gitignore b/base/server/upgrade/10.3.4/.gitignore new file mode 100644 index ..5e7d2734cfc60289debf74293817c0a8f572ff32 --- /dev/null +++ b/base/server/upgrade/10.3.4/.gitignore 
@@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/base/server/upgrade/10.3.5/01-FixServerLibrary b/base/server/upgrade/10.3.5/01-FixServerLibrary new file mode 100644 index ..79d496559ba1e1cb02ea5f0d02364dd230a6f4d5 --- /dev/null +++ b/base/server/upgrade/10.3.5/01-FixServerLibrary @@ -0,0 +1,46 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2016 Red Hat, Inc. +# All rights reserved. + +from __future__ import absolute_import +import os.path +import shutil +import pki.server.upgrade + + +class FixServerLibrary(pki.server.upgrade.PKIServerUpgradeScriptlet): + +def __init__(self): +super(FixServerLibrary, self).__init__() +self.message = 'Fix server library' + +def upgrade_instance(self, instance): + +common_dir = os.path.join(instance.base_dir, 'common') + +# if /common is already a link, skip +if os.path.islink(common_dir): +return + +# remove old /common +shutil.rmtree(common_dir) + +# link /common to /usr/share/pki/server/common +os.symlink('/usr/share/pki/server/common', common_dir) +os.lchown(common_dir, instance.uid, instance.gid) -- 2.5.5 ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
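Review bot: in upgrade_instance() of 01-FixServerLibrary, shutil.rmtree(common_dir) runs whenever common is not a symlink, including when it does not exist at all, in which case rmtree raises and the symlink is never created. Check os.path.exists(common_dir) before removing. The remove-then-link sequence is also not recoverable: if os.symlink() or os.lchown() fails after the rmtree, the instance is left without its library directory, so consider renaming the old directory aside and deleting it only once the link and its ownership are in place.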
[Pki-devel] [PATCH] Fix NumberFormatException for tps-cert-find when given non integer value to size and start option
Hi,

I tried to fix NumberFormatException when I did tps-cert-find with non-integer/invalid range value for size and start. I was doing testing for tps-cert and then I came across this. I thought giving some additional info to users in place of numberformat. I have done similar fix on rhel7 compile it and make a jar and test on rhel7. I can share that patch if needed. Below are the test result.

Before fix testing:

1. pki -h pki1.example.com -p 25080 tps-cert-find --start "gy"
NumberFormatException: For input string: "gy"
2. pki -h pki1.example.com -p 25080 tps-cert-find --size "gy"
NumberFormatException: For input string: "gy"
3. pki -p 25080 tps-cert-find --start 178999
NumberFormatException: For input string: "178999"

After fix testing:

1. [root@pki1 ~]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 25080 tps-cert-find --start "gy"
Error: Enter valid integer value for size/start option
usage: tps-cert-find [FILTER] [OPTIONS...]
    --help Show help options
    --size Page size
    --start Page start
    --token Token ID

2. [root@pki1 ~]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 25080 tps-cert-find --size "hy"
Error: Enter valid integer value for size/start option
usage: tps-cert-find [FILTER] [OPTIONS...]
    --help Show help options
    --size Page size
    --start Page start
    --token Token ID

3. [root@pki1 ~]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 25080 tps-cert-find --start 1
- 2 entries matched -
Cert ID: 3d.20160720042931
Serial Number: 0x3d
Subject: UID=ldapuser7,O=Token Key User
Token ID: 40906145C76224192D78
Key Type: encryption
Status: active
User ID: ldapuser7
Create Time: Wed Jul 20 04:29:31 EDT 2016
Number of entries returned 1

4.
[root@pki1 ~]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 25080 tps-cert-find --size 1 - 2 entries matched - Cert ID: 3c.20160720042931 Serial Number: 0x3c Subject: UID=ldapuser7,O=Token Key User Token ID: 40906145C76224192D78 Key Type: signing Status: active User ID: ldapuser7 Create Time: Wed Jul 20 04:29:31 EDT 2016 Number of entries returned 1 5. [root@pki1 cert]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 25080 tps-cert-find --start 178999 Error: Enter valid integer value for size/start option usage: tps-cert-find [FILTER] [OPTIONS...] --helpShow help options --size Page size --startPage start --token Token ID Thanks Geetika From 6ed113a347f392c5237c59f4e3b7bda71dd1aee3 Mon Sep 17 00:00:00 2001 From: Geetika KapoorDate: Wed, 27 Jul 2016 08:15:59 -0400 Subject: [PATCH] Added logging inplace of NumberFormatException for tps-cert size and start Signed-off-by: Geetika Kapoor --- .../netscape/cmstools/tps/cert/TPSCertFindCLI.java | 54 +++--- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/base/java-tools/src/com/netscape/cmstools/tps/cert/TPSCertFindCLI.java b/base/java-tools/src/com/netscape/cmstools/tps/cert/TPSCertFindCLI.java index 9cbdad6da5ea26a618c8fda05a575ced9b4942d0..ec03c1a0e923453da8ed2c1141792f29c00c3616 100644 --- a/base/java-tools/src/com/netscape/cmstools/tps/cert/TPSCertFindCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/tps/cert/TPSCertFindCLI.java 
@@ -84,32 +84,34 @@ public class TPSCertFindCLI extends CLI { String filter = cmdArgs.length > 0 ? cmdArgs[0] : null; String tokenID = cmd.getOptionValue("token"); - -String s = cmd.getOptionValue("start"); -Integer start = s == null ? null : Integer.valueOf(s); - -s = cmd.getOptionValue("size"); -Integer size = s == null ? null : Integer.valueOf(s); - -TPSCertCollection result = certCLI.certClient.findCerts(filter, tokenID, start, size); - -MainCLI.printMessage(result.getTotal() + " entries matched"); -if (result.getTotal() == 0) return; - -Collection certs = result.getEntries(); -boolean first = true; - -for (TPSCertData certData : certs) { - -if (first) { -first = false; -} else { -System.out.println(); -} - -TPSCertCLI.printCert(certData); +try { + + String s = cmd.getOptionValue("start"); +Integer start = s == null ? null : Integer.valueOf(s); + s = cmd.getOptionValue("size"); +Integer size = s == null ? null : Integer.valueOf(s); +TPSCertCollection result = certCLI.certClient.findCerts(filter, tokenID, start, size); +
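Review bot: in the visible part of the TPSCertFindCLI.java hunk, the new try opens before the two Integer.valueOf() calls and also encloses certCLI.certClient.findCerts(), so a NumberFormatException raised anywhere in that body is reported as a bad size/start option. The test log in this message shows why that matters: --start 178999 is a valid integer, yet it produced NumberFormatException before the change and "Enter valid integer value for size/start option" after it, which points the user at the wrong cause. Wrap each Integer.valueOf() in its own try, name the option and the offending value in the message, and leave findCerts() outside so its errors surface as themselves. The added lines also mix indentation widths; the existing file uses 4 spaces.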