Merge branch 'ODN_v1.0.2'

pom.xml

@@ -4,7 +4,7 @@
     <groupId>sk.eea.edem</groupId>
     <artifactId>odn-cas-overlay</artifactId>
     <packaging>war</packaging>
-    <version>1.0.1</version>
+    <version>1.0.2</version>
 
     <build>
         <plugins>
@@ -91,7 +91,6 @@
                                                 <path>/var/cache/odn-cas/</path>
                                                 <path>/var/log/odn-cas/</path>
                                                 <path>/var/tmp/odn-cas</path>
-                                                <path>/var/lib/ldap_odn</path>
                                             </paths>
                                             <mapper>
                                                 <type>perm</type>

src/deb/control/postinst

@@ -68,17 +68,22 @@ generate_keystore() {
     PRIVATEKEY_PASS="changeit"
     DAYS_VALID=730
 
-    mkdir /usr/local/share/ca-certificates/$HOSTNAME
-
-    openssl req -x509 -days $DAYS_VALID -newkey rsa:2048 -keyout servicekey.pem -out servicecert.pem -passout pass:$KEYSTORE_PASSWORD -subj '/CN='${HOSTNAME}''
-    openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem -out service.p12 -name tomcat -passin pass:$KEYSTORE_PASSWORD -passout pass:$PRIVATEKEY_PASS
-    keytool -importkeystore -destkeystore $KEYSTORE_NAME -deststorepass $KEYSTORE_PASSWORD -deststoretype jks -srckeystore service.p12 -srcstorepass $PRIVATEKEY_PASS -srcstoretype pkcs12
-    keytool -export -storepass $KEYSTORE_PASSWORD -keystore /usr/share/odn-cas/conf/.keystore -alias tomcat -file /usr/local/share/ca-certificates/$HOSTNAME/export.crt
-    rm *.pem *.p12
-
-    update-ca-certificates
-
-    echo "keystore created"
+    CERTS_PATH=/usr/local/share/ca-certificates/$HOSTNAME
+    if [ ! -d $CERTS_PATH ] ; then 
+        mkdir $CERTS_PATH
+
+        openssl req -x509 -days $DAYS_VALID -newkey rsa:2048 -keyout servicekey.pem -out servicecert.pem -passout pass:$KEYSTORE_PASSWORD -subj '/CN='${HOSTNAME}''
+        openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem -out service.p12 -name tomcat -passin pass:$KEYSTORE_PASSWORD -passout pass:$PRIVATEKEY_PASS
+        keytool -importkeystore -destkeystore $KEYSTORE_NAME -deststorepass $KEYSTORE_PASSWORD -deststoretype jks -srckeystore service.p12 -srcstorepass $PRIVATEKEY_PASS -srcstoretype pkcs12
+        keytool -export -storepass $KEYSTORE_PASSWORD -keystore /usr/share/odn-cas/conf/.keystore -alias tomcat -file $CERTS_PATH/export.crt
+        rm *.pem *.p12
+
+        update-ca-certificates
+        echo "keystore created"
+    else
+        echo "keystore has already been set"
+    fi
+
     echo "<< generate_keystore"
 } 
 
@@ -89,24 +94,30 @@ set_ldap_evolveum() {
     chmod +x /usr/share/odn-cas/bin/ldapgenerate 
     chmod +x /usr/share/odn-cas/bin/slapdconf 
     chmod +x /usr/share/odn-cas/bin/slapdadm
-    chmod +x /usr/share/odn-cas/bin/ldaptest
+    chmod +x /usr/share/odn-cas/bin/ldaptest 
 
     LDAP_DB_PATH=/var/lib/ldap_odn
-    chown -R openldap:openldap $LDAP_DB_PATH
+
+    if [ ! -d $LDAP_DB_PATH ]; then
+        mkdir -p /var/lib/ldap_odn
+        chown -R openldap:openldap $LDAP_DB_PATH
+
+        TREE="dc=opendata,dc=org"
 
-    TREE="dc=opendata,dc=org"
+        /usr/share/odn-cas/bin/slapdconf create-suffix $TREE --dbDir $LDAP_DB_PATH --rootPassword admin
 
-    /usr/share/odn-cas/bin/slapdconf create-suffix $TREE --dbDir $LDAP_DB_PATH --rootPassword admin
+        /usr/share/odn-cas/bin/slapdconf add-module sssvlv
+        /usr/share/odn-cas/bin/slapdconf add-overlay $TREE sssvlv olcSssVlvConfig
 
-    /usr/share/odn-cas/bin/slapdconf add-module sssvlv
-    /usr/share/odn-cas/bin/slapdconf add-overlay $TREE sssvlv olcSssVlvConfig
+        /usr/share/odn-cas/bin/ldapgenerate -D cn=admin,$TREE -w admin -i -s dc=opendata,dc=org
 
-    /usr/share/odn-cas/bin/ldapgenerate -D cn=admin,$TREE -w admin -i -s dc=opendata,dc=org
-
-    ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/odn-simple/ldap/admin.ldif
-    ldapmodify -Y EXTERNAL -H ldapi:/// -f /usr/share/odn-simple/ldap/acl.ldif
-
-    echo "ldap user for IDM created"
+        ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/odn-simple/ldap/admin.ldif
+        ldapmodify -Y EXTERNAL -H ldapi:/// -f /usr/share/odn-simple/ldap/acl.ldif     
+        echo "ldap user for IDM created"	
+    else
+        echo "ldap has already been set"
+    fi
+
     echo "<< set_ldap"
 }
 

src/deb/control/postrm

@@ -0,0 +1,95 @@
+#!/bin/sh
+# postrm script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+get_hostname() {
+    HOSTNAME=`hostname --all-fqdns`
+    if [ -z ${HOSTNAME}  ]
+    then
+        HOSTNAME=`hostname`
+    fi
+
+    if [ -z ${HOSTNAME}  ] 
+    then
+        HOSTNAME="localhost"
+    fi
+
+    HOSTNAME="$(echo "${HOSTNAME}" | tr -d '[[:space:]]')"    
+    # return hostname
+    echo "$HOSTNAME"
+}
+
+
+case "$1" in
+
+    remove|abort-install|disappear)
+
+
+    ;;
+    purge)
+    # clean ldap
+    ODN_CONF_LDAP=/etc/ldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
+    if [ -f $ODN_CONF_LDAP  ] ; then     
+        rm -f $ODN_CONF_LDAP 
+    fi
+
+    ODN_CONF_LDAP=/etc/ldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb
+    if [ -d $ODN_CONF_LDAP  ] ; then     
+        rm -rf $ODN_CONF_LDAP 
+    fi
+
+    LDAP_DB_PATH=/var/lib/ldap_odn
+    if [ -d $LDAP_DB_PATH  ] ; then     
+        rm -rf $LDAP_DB_PATH 
+    fi
+
+    # reload default slapd configuration
+    if [ -x "/etc/init.d/slapd" ]; then
+        invoke-rc.d slapd start || true
+    fi 
+
+    # clean cert
+    HOSTNAME=$(get_hostname)
+    CERTS_PATH=/usr/local/share/ca-certificates/$HOSTNAME
+    if [ -d $CERTS_PATH  ] ; then     
+        rm -rf $CERTS_PATH 
+    fi
+
+    update-ca-certificates
+
+    ;;
+
+
+    upgrade|failed-upgrade|abort-upgrade)
+
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

src/deb/control/prerm

@@ -0,0 +1,46 @@
+#!/bin/sh
+# prerm script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+  remove|upgrade|deconfigure)
+    # stop slapd because configuration files will be removed
+    if [ -x "/etc/init.d/slapd" ]; then
+        invoke-rc.d slapd stop || true
+    fi    
+
+    ;;
+
+ failed-upgrade)
+    ;;
+
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+
+#DEBHELPER#
+
+exit 0
+
+