Make dogtag an optional (and default un-) installed component in a replica.

A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed. A new tool ipa-ca-install will configure dogtag if it wasn't configured when the replica was initially installed. This moves a fair bit of code out of ipa-replica-install into installutils and cainstance to avoid duplication. https://fedorahosted.org/freeipa/ticket/1251
2025-02-25 18:55:28 -06:00 · 2011-06-17 16:47:39 -04:00
parent cbffe1d65d
commit 8a32bb3746
12 changed files with 437 additions and 133 deletions
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -356,6 +356,7 @@ fi
 %files server
 %defattr(-,root,root,-)
 %doc COPYING README Contributors.txt
+%{_sbindir}/ipa-ca-install
 %{_sbindir}/ipa-dns-install
 %{_sbindir}/ipa-server-install
 %{_sbindir}/ipa-replica-conncheck
@@ -436,6 +437,7 @@ fi
 %{_mandir}/man1/ipa-server-certinstall.1.gz
 %{_mandir}/man1/ipa-server-install.1.gz
 %{_mandir}/man1/ipa-dns-install.1.gz
+%{_mandir}/man1/ipa-ca-install.1.gz
 %{_mandir}/man1/ipa-compat-manage.1.gz
 %{_mandir}/man1/ipa-nis-manage.1.gz
 %{_mandir}/man1/ipa-host-net-manage.1.gz
@@ -498,6 +500,9 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf

 %changelog
+* Fri Jun 17 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.90-4
+- Ship ipa-ca-install utility
+
 * Thu May 12 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.90-3
 - Set min nvr of selinux-policy to 3.9.16-18 on F-15+
 - Set min nvr of pki-ca to 9.0.7 on F-15+