Bug 533233

Summary: Remove "pki*" scripts from pki-native-tools . . .
Product: [Retired] Dogtag Certificate System Reporter: Matthew Harmsen <mharmsen>
Component: Tools - NativeAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED EOL QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: high    
Version: 1.3CC: alee, cfu, dpal, jgalipea, jmagne
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-27 18:33:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 541012    
Attachments:
Description Flags
base diffs
none
dogtag diffs none

Description Matthew Harmsen 2009-11-05 18:15:51 UTC 
Comment From  John Dennis (jdennis)  2009-11-02 15:16:44 EDT:

The package pki-native-tools is doing a number of bogus things. It installs
these executable scripts:

/usr/bin/pkiarch
/usr/bin/pkidist
/usr/bin/pkiflavor
/usr/bin/pkiname

whose job is to echo (hardcoded) configuration information. This is not how we
store and query configuration information in Fedora (and RHEL). This
information should be located in files under /etc.

pkiarch returns 'i386', pkidist returns 'fc11' on my machine,

Each of the above executable needs to be removed and replaced with mechanisms
appropriate to our distributions (e.g. store the information in a configuration
file, marked as %config, and read the information out of that file) and/or use
the existing mechanisms to determine the arch, release, etc. If the packages
need executables like pkiarch and pkidist then it's an indication of bad
packaging practices elsewhere which also will need to be corrected.

The package pki-native-tools also installs a symbolic link

/usr/bin/pkiperl

which points to /usr/bin/perl

Then all the perl scripts in all the pki packages have this in their shebang
line:

#!/usr/bin/pkiperl

This also is bad packaging practice. If you need a specific version of perl
then that needs to be specified in the spec file so that rpm can resolve those
dependencies. Scripts then invoke /usr/bin/perl. Setting up links in /usr/bin
to specific versions of interpreters is likely to create all sorts of problems
in RPM managed systems.
Comment 1 Matthew Harmsen 2009-11-06 22:58:31 UTC 
Created attachment 367905 [details]
base diffs
Comment 2 Matthew Harmsen 2009-11-06 22:59:11 UTC 
Created attachment 367906 [details]
dogtag diffs
Comment 4 Andrew Wnuk 2009-11-07 01:02:23 UTC 
attachment (id=367905)
attachment (id=367906)
+awnuk
Comment 6 Matthew Harmsen 2009-11-07 02:09:28 UTC 
# cd pki/base

# svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M       java-tools/templates/pretty_print_crl_command_wrapper
M       java-tools/templates/pki_java_command_wrapper
M       java-tools/templates/pretty_print_cert_command_wrapper
M       ca/shared/conf/tomcat5.conf
M       ca/shared/conf/dtomcat5
M       ca/shared/etc/init.d/httpd
M       native-tools/templates/pki_subsystem_command_wrapper
M       native-tools/templates/pki_instance_command_wrapper
M       native-tools/setup_package
M       manage/pki-install
M       manage/pki-uninstall
M       common/scripts/pkicomplete
M       silent/scripts/pkisilent
M       setup/pkihost
M       setup/pkiremove
M       setup/pkicreate
M       setup/pkicommon
M       tks/shared/conf/dtomcat5
M       tks/shared/conf/tomcat5.conf
M       tks/shared/etc/init.d/httpd
M       ra/apache/apachectl
M       ra/lib/perl/PKI/RA/ModulePanel.pm
M       ra/lib/perl/PKI/RA/DonePanel.pm
M       ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
M       ra/lib/perl/PKI/RA/AdminPanel.pm
M       ra/lib/perl/PKI/RA/Modutil.pm
M       ra/lib/perl/PKI/RA/DRMInfoPanel.pm
M       ra/lib/perl/PKI/RA/CAInfoPanel.pm
M       ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm
M       ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm
M       ra/lib/perl/PKI/RA/BasePanel.pm
M       ra/lib/perl/PKI/RA/ConfigHSMPanel.pm
M       ra/lib/perl/PKI/RA/wizard.pm
M       ra/lib/perl/PKI/RA/NamePanel.pm
M       ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm
M       ra/lib/perl/PKI/RA/Config.pm
M       ra/lib/perl/PKI/RA/Login.pm
M       ra/lib/perl/PKI/RA/GlobalVar.pm
M       ra/lib/perl/PKI/RA/CertInfo.pm
M       ra/lib/perl/PKI/RA/WelcomePanel.pm
M       ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
M       ra/lib/perl/PKI/RA/SubsystemTypePanel.pm
M       ra/lib/perl/PKI/RA/ReqCertInfo.pm
M       ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
M       ra/lib/perl/PKI/RA/DatabasePanel.pm
M       ra/lib/perl/PKI/RA/CertRequestPanel.pm
M       ra/lib/perl/PKI/RA/AuthDBPanel.pm
M       ra/lib/perl/PKI/RA/LoginPanel.pm
M       ra/lib/perl/PKI/RA/Common.pm
M       ra/lib/perl/PKI/RA/SizePanel.pm
M       ra/lib/perl/PKI/RA/AdminAuthPanel.pm
M       ra/lib/perl/PKI/RA/TKSInfoPanel.pm
M       ra/lib/perl/PKI/RA/AgentAuthPanel.pm
M       ra/lib/perl/PKI/Base/Conf.pm
M       ra/lib/perl/Template/Velocity.pm
M       ra/scripts/nss_pcache
M       ra/etc/init.d/httpd
M       console/templates/pki_console_wrapper
M       ocsp/shared/conf/dtomcat5
M       ocsp/shared/conf/tomcat5.conf
M       ocsp/shared/etc/init.d/httpd
M       tps/scripts/nss_pcache
M       tps/lib/perl/PKI/TPS/ModulePanel.pm
M       tps/lib/perl/PKI/TPS/DonePanel.pm
M       tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
M       tps/lib/perl/PKI/TPS/AdminPanel.pm
M       tps/lib/perl/PKI/TPS/Modutil.pm
M       tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
M       tps/lib/perl/PKI/TPS/CAInfoPanel.pm
M       tps/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm
M       tps/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm
M       tps/lib/perl/PKI/TPS/BasePanel.pm
M       tps/lib/perl/PKI/TPS/ConfigHSMPanel.pm
M       tps/lib/perl/PKI/TPS/wizard.pm
M       tps/lib/perl/PKI/TPS/NamePanel.pm
M       tps/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm
M       tps/lib/perl/PKI/TPS/Config.pm
M       tps/lib/perl/PKI/TPS/Login.pm
M       tps/lib/perl/PKI/TPS/CertInfo.pm
M       tps/lib/perl/PKI/TPS/GlobalVar.pm
M       tps/lib/perl/PKI/TPS/WelcomePanel.pm
M       tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
M       tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm
M       tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
M       tps/lib/perl/PKI/TPS/ReqCertInfo.pm
M       tps/lib/perl/PKI/TPS/DatabasePanel.pm
M       tps/lib/perl/PKI/TPS/CertRequestPanel.pm
M       tps/lib/perl/PKI/TPS/AuthDBPanel.pm
M       tps/lib/perl/PKI/TPS/Common.pm
M       tps/lib/perl/PKI/TPS/LoginPanel.pm
M       tps/lib/perl/PKI/TPS/AdminAuthPanel.pm
M       tps/lib/perl/PKI/TPS/SizePanel.pm
M       tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
M       tps/lib/perl/PKI/TPS/AgentAuthPanel.pm
M       tps/lib/perl/PKI/Base/Conf.pm
M       tps/lib/perl/Template/Velocity.pm
M       tps/setup_package
M       tps/apache/pki_subsystem_command_wrapper
M       tps/apache/apachectl
M       tps/apache/pki_instance_command_wrapper
M       tps/forms/esc/cgi-bin/sow/cfg.pl
M       tps/etc/init.d/httpd
M       kra/shared/conf/tomcat5.conf
M       kra/shared/conf/dtomcat5
M       kra/shared/etc/init.d/httpd

# svn commit
Sending        base/ca/shared/conf/dtomcat5
Sending        base/ca/shared/conf/tomcat5.conf
Sending        base/ca/shared/etc/init.d/httpd
Sending        base/common/scripts/pkicomplete
Sending        base/console/templates/pki_console_wrapper
Sending        base/java-tools/templates/pki_java_command_wrapper
Sending        base/java-tools/templates/pretty_print_cert_command_wrapper
Sending        base/java-tools/templates/pretty_print_crl_command_wrapper
Sending        base/kra/shared/conf/dtomcat5
Sending        base/kra/shared/conf/tomcat5.conf
Sending        base/kra/shared/etc/init.d/httpd
Sending        base/manage/pki-install
Sending        base/manage/pki-uninstall
Sending        base/native-tools/setup_package
Sending        base/native-tools/templates/pki_instance_command_wrapper
Sending        base/native-tools/templates/pki_subsystem_command_wrapper
Sending        base/ocsp/shared/conf/dtomcat5
Sending        base/ocsp/shared/conf/tomcat5.conf
Sending        base/ocsp/shared/etc/init.d/httpd
Sending        base/ra/apache/apachectl
Sending        base/ra/etc/init.d/httpd
Sending        base/ra/lib/perl/PKI/Base/Conf.pm
Sending        base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm
Sending        base/ra/lib/perl/PKI/RA/AdminPanel.pm
Sending        base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm
Sending        base/ra/lib/perl/PKI/RA/AuthDBPanel.pm
Sending        base/ra/lib/perl/PKI/RA/BasePanel.pm
Sending        base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
Sending        base/ra/lib/perl/PKI/RA/CertInfo.pm
Sending        base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm
Sending        base/ra/lib/perl/PKI/RA/CertRequestPanel.pm
Sending        base/ra/lib/perl/PKI/RA/Common.pm
Sending        base/ra/lib/perl/PKI/RA/Config.pm
Sending        base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm
Sending        base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm
Sending        base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm
Sending        base/ra/lib/perl/PKI/RA/DatabasePanel.pm
Sending        base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm
Sending        base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
Sending        base/ra/lib/perl/PKI/RA/DonePanel.pm
Sending        base/ra/lib/perl/PKI/RA/GlobalVar.pm
Sending        base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
Sending        base/ra/lib/perl/PKI/RA/Login.pm
Sending        base/ra/lib/perl/PKI/RA/LoginPanel.pm
Sending        base/ra/lib/perl/PKI/RA/ModulePanel.pm
Sending        base/ra/lib/perl/PKI/RA/Modutil.pm
Sending        base/ra/lib/perl/PKI/RA/NamePanel.pm
Sending        base/ra/lib/perl/PKI/RA/ReqCertInfo.pm
Sending        base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
Sending        base/ra/lib/perl/PKI/RA/SizePanel.pm
Sending        base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm
Sending        base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm
Sending        base/ra/lib/perl/PKI/RA/WelcomePanel.pm
Sending        base/ra/lib/perl/PKI/RA/wizard.pm
Sending        base/ra/lib/perl/Template/Velocity.pm
Sending        base/ra/scripts/nss_pcache
Sending        base/setup/pkicommon
Sending        base/setup/pkicreate
Sending        base/setup/pkihost
Sending        base/setup/pkiremove
Sending        base/silent/scripts/pkisilent
Sending        base/tks/shared/conf/dtomcat5
Sending        base/tks/shared/conf/tomcat5.conf
Sending        base/tks/shared/etc/init.d/httpd
Sending        base/tps/apache/apachectl
Sending        base/tps/apache/pki_instance_command_wrapper
Sending        base/tps/apache/pki_subsystem_command_wrapper
Sending        base/tps/etc/init.d/httpd
Sending        base/tps/forms/esc/cgi-bin/sow/cfg.pl
Sending        base/tps/lib/perl/PKI/Base/Conf.pm
Sending        base/tps/lib/perl/PKI/TPS/AdminAuthPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/AdminPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/AgentAuthPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/AuthDBPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/BasePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/CertInfo.pm
Sending        base/tps/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/Common.pm
Sending        base/tps/lib/perl/PKI/TPS/Config.pm
Sending        base/tps/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/ConfigHSMPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/DatabasePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm
Sending        base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/DonePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/GlobalVar.pm
Sending        base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/Login.pm
Sending        base/tps/lib/perl/PKI/TPS/LoginPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/ModulePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/Modutil.pm
Sending        base/tps/lib/perl/PKI/TPS/NamePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm
Sending        base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/SizePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/WelcomePanel.pm
Sending        base/tps/lib/perl/PKI/TPS/wizard.pm
Sending        base/tps/lib/perl/Template/Velocity.pm
Sending        base/tps/scripts/nss_pcache
Sending        base/tps/setup_package
Transmitting file data .........................................................................................................
Committed revision 812.

# cd pki/dogtag

# svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M       java-tools/pki-java-tools.spec
M       tps-ui/shared/cgi-bin/sow/cfg.pl
M       ca/pki-ca.spec
M       common/pki-common.spec
M       ca-ui/dogtag-pki-ca-ui.spec
M       silent/pki-silent.spec
M       setup/pki-setup.spec
M       common-ui/dogtag-pki-common-ui.spec
M       util/pki-util.spec

# svn commit
Sending        dogtag/ca/pki-ca.spec
Sending        dogtag/ca-ui/dogtag-pki-ca-ui.spec
Sending        dogtag/common/pki-common.spec
Sending        dogtag/common-ui/dogtag-pki-common-ui.spec
Sending        dogtag/java-tools/pki-java-tools.spec
Sending        dogtag/setup/pki-setup.spec
Sending        dogtag/silent/pki-silent.spec
Sending        dogtag/tps-ui/shared/cgi-bin/sow/cfg.pl
Sending        dogtag/util/pki-util.spec
Transmitting file data .........
Committed revision 813.