|
 |
ad7e68 |
################################################################################
|
|
|
ad7e68 |
Name: pki-core
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%global product_name PKI
|
|
|
ad7e68 |
%global product_id pki
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# NOTE: Do not specify the theme for pki-core
|
|
|
ad7e68 |
# global theme dogtag
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Core Package
|
|
|
ad7e68 |
URL: https://www.dogtagpki.org
|
|
|
ad7e68 |
# The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2
|
|
|
ad7e68 |
License: GPLv2 and LGPLv2
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
|
|
|
ad7e68 |
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
|
|
|
cdddd4 |
Version: 11.0.3
|
|
|
cdddd4 |
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
|
|
|
997495 |
#global _phase -alpha1
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# To create a tarball from a version tag:
|
|
|
ad7e68 |
# $ git archive \
|
|
|
ad7e68 |
# --format=tar.gz \
|
|
|
ad7e68 |
# --prefix pki-<version>/ \
|
|
|
ad7e68 |
# -o pki-<version>.tar.gz \
|
|
|
ad7e68 |
# <version tag>
|
|
|
ad7e68 |
Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{version}%{?_phase}.tar.gz
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# To create a patch for all changes since a version tag:
|
|
|
ad7e68 |
# $ git format-patch \
|
|
|
ad7e68 |
# --stdout \
|
|
|
ad7e68 |
# <version tag> \
|
|
|
ad7e68 |
# > pki-VERSION-RELEASE.patch
|
|
|
ad7e68 |
# Patch: pki-VERSION-RELEASE.patch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# md2man isn't available on i686. Additionally, we aren't generally multi-lib
|
|
|
ad7e68 |
# compatible (https://fedoraproject.org/wiki/Packaging:Java)
|
|
|
ad7e68 |
# so dropping i686 everywhere but RHEL-8 (which we've already shipped) seems
|
|
|
ad7e68 |
# safest.
|
|
|
ad7e68 |
%if ! 0%{?rhel} || 0%{?rhel} > 8
|
|
|
ad7e68 |
ExcludeArch: i686
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
# NSS
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%global nss_default_db_type sql
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
# Python
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if 0%{?rhel} && 0%{?rhel} <= 8
|
|
|
ad7e68 |
%global python_executable /usr/libexec/platform-python
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
%global python_executable /usr/bin/python3
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
# Java
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%define java_devel java-11-openjdk-devel
|
|
|
ad7e68 |
%define java_headless java-11-openjdk-headless
|
|
|
5b6495 |
%define java_home %{_jvmdir}/jre-11-openjdk
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
# RESTEasy
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%define jaxrs_api_jar /usr/share/java/jboss-jaxrs-2.0-api.jar
|
|
|
ad7e68 |
%define resteasy_lib /usr/share/java/resteasy
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
# PKI
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Execute unit tests unless --without test is specified.
|
|
|
ad7e68 |
%bcond_without test
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Don't build console unless --with console is specified.
|
|
|
ad7e68 |
%bcond_with console
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# By default all packages will be built except the ones specified with
|
|
|
ad7e68 |
# --without <package> option (exclusion method).
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# If --with pkgs option is specified, only packages specified with
|
|
|
ad7e68 |
# --with <package> will be built (inclusion method).
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%bcond_with pkgs
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Define package_option macro to wrap bcond_with or bcond_without macro
|
|
|
ad7e68 |
# depending on package selection method.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with pkgs}
|
|
|
ad7e68 |
%define package_option() %bcond_with %1
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
%define package_option() %bcond_without %1
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Define --with <package> or --without <package> options depending on
|
|
|
ad7e68 |
# package selection method.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%package_option base
|
|
|
ad7e68 |
%package_option server
|
|
|
ad7e68 |
%package_option acme
|
|
|
ad7e68 |
%package_option ca
|
|
|
ad7e68 |
%package_option kra
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# NOTE: Do not build the following packages for pki-core
|
|
|
ad7e68 |
# package_option ocsp
|
|
|
ad7e68 |
# package_option tks
|
|
|
ad7e68 |
# package_option tps
|
|
|
ad7e68 |
# package_option javadoc
|
|
|
ad7e68 |
# package_option theme
|
|
|
ad7e68 |
# package_option meta
|
|
|
ad7e68 |
# package_option tests
|
|
|
ad7e68 |
# package_option debug
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if ! %{with debug}
|
|
|
ad7e68 |
%define debug_package %{nil}
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# ignore unpackaged files from native 'tpsclient'
|
|
|
ad7e68 |
# REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app
|
|
|
ad7e68 |
%define _unpackaged_files_terminate_build 0
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# The PKI UID and GID are preallocated, see:
|
|
|
ad7e68 |
# https://bugzilla.redhat.com/show_bug.cgi?id=476316
|
|
|
ad7e68 |
# https://bugzilla.redhat.com/show_bug.cgi?id=476782
|
|
|
ad7e68 |
# https://pagure.io/setup/blob/master/f/uidgid
|
|
|
ad7e68 |
# /usr/share/doc/setup/uidgid
|
|
|
ad7e68 |
%define pki_username pkiuser
|
|
|
ad7e68 |
%define pki_uid 17
|
|
|
ad7e68 |
%define pki_groupname pkiuser
|
|
|
ad7e68 |
%define pki_gid 17
|
|
|
ad7e68 |
%define pki_homedir /usr/share/pki
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%global saveFileContext() \
|
|
|
ad7e68 |
if [ -s /etc/selinux/config ]; then \
|
|
|
ad7e68 |
. %{_sysconfdir}/selinux/config; \
|
|
|
ad7e68 |
FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
|
|
|
ad7e68 |
if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \
|
|
|
ad7e68 |
cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \
|
|
|
ad7e68 |
fi \
|
|
|
ad7e68 |
fi;
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%global relabel() \
|
|
|
ad7e68 |
. %{_sysconfdir}/selinux/config; \
|
|
|
ad7e68 |
FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
|
|
|
ad7e68 |
selinuxenabled; \
|
|
|
ad7e68 |
if [ $? == 0 -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \
|
|
|
ad7e68 |
fixfiles -C ${FILE_CONTEXT}.%{name} restore; \
|
|
|
ad7e68 |
rm -f ${FILE_CONTEXT}.%name; \
|
|
|
ad7e68 |
fi;
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
# Build Dependencies
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
BuildRequires: make
|
|
|
ad7e68 |
BuildRequires: cmake >= 3.0.2
|
|
|
ad7e68 |
BuildRequires: gcc-c++
|
|
|
ad7e68 |
BuildRequires: zip
|
|
|
ad7e68 |
BuildRequires: %{java_devel}
|
|
|
ad7e68 |
BuildRequires: javapackages-tools
|
|
|
ad7e68 |
BuildRequires: redhat-rpm-config
|
|
|
ad7e68 |
BuildRequires: apache-commons-cli
|
|
|
ad7e68 |
BuildRequires: apache-commons-codec
|
|
|
ad7e68 |
BuildRequires: apache-commons-io
|
|
|
ad7e68 |
BuildRequires: apache-commons-lang3 >= 3.2
|
|
|
ad7e68 |
BuildRequires: apache-commons-logging
|
|
|
ad7e68 |
BuildRequires: apache-commons-net
|
|
|
ad7e68 |
BuildRequires: slf4j
|
|
|
ad7e68 |
BuildRequires: slf4j-jdk14
|
|
|
ad7e68 |
BuildRequires: nspr-devel
|
|
|
ad7e68 |
BuildRequires: nss-devel >= 3.36.1
|
|
|
ad7e68 |
|
|
|
ad7e68 |
BuildRequires: openldap-devel
|
|
|
ad7e68 |
BuildRequires: pkgconfig
|
|
|
ad7e68 |
BuildRequires: policycoreutils
|
|
|
ad7e68 |
|
|
|
ad7e68 |
BuildRequires: python3-lxml
|
|
|
ad7e68 |
BuildRequires: python3-sphinx
|
|
|
ad7e68 |
|
|
|
ad7e68 |
BuildRequires: xalan-j2
|
|
|
ad7e68 |
BuildRequires: xerces-j2
|
|
|
ad7e68 |
|
|
|
ad7e68 |
BuildRequires: resteasy >= 3.0.26
|
|
|
ad7e68 |
|
|
|
ad7e68 |
BuildRequires: python3 >= 3.5
|
|
|
ad7e68 |
BuildRequires: python3-devel
|
|
|
ad7e68 |
BuildRequires: python3-setuptools
|
|
|
ad7e68 |
BuildRequires: python3-cryptography
|
|
|
ad7e68 |
BuildRequires: python3-lxml
|
|
|
ad7e68 |
BuildRequires: python3-ldap
|
|
|
ad7e68 |
BuildRequires: python3-libselinux
|
|
|
ad7e68 |
BuildRequires: python3-requests >= 2.6.0
|
|
|
ad7e68 |
BuildRequires: python3-six
|
|
|
ad7e68 |
|
|
|
ad7e68 |
BuildRequires: junit
|
|
|
ad7e68 |
BuildRequires: jpackage-utils >= 0:1.7.5-10
|
|
|
ad7e68 |
BuildRequires: jss >= 5.0.0
|
|
|
ad7e68 |
BuildRequires: tomcatjss >= 8.0.0
|
|
|
ad7e68 |
BuildRequires: ldapjdk >= 5.0.0
|
|
|
ad7e68 |
|
|
|
ad7e68 |
BuildRequires: systemd-units
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if 0%{?rhel} && ! 0%{?eln}
|
|
|
ad7e68 |
BuildRequires: pki-servlet-engine
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
BuildRequires: tomcat >= 1:9.0.7
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# additional build requirements needed to build native 'tpsclient'
|
|
|
ad7e68 |
# REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app
|
|
|
ad7e68 |
BuildRequires: apr-devel
|
|
|
ad7e68 |
BuildRequires: apr-util-devel
|
|
|
ad7e68 |
BuildRequires: cyrus-sasl-devel
|
|
|
ad7e68 |
BuildRequires: httpd-devel >= 2.4.2
|
|
|
ad7e68 |
BuildRequires: pcre-devel
|
|
|
ad7e68 |
BuildRequires: systemd
|
|
|
ad7e68 |
BuildRequires: zlib
|
|
|
ad7e68 |
BuildRequires: zlib-devel
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# build dependency to build man pages
|
|
|
ad7e68 |
%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel} && 0%{?rhel} <= 8
|
|
|
ad7e68 |
BuildRequires: go-md2man
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
BuildRequires: golang-github-cpuguy83-md2man
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# pki-healthcheck depends on the following library
|
|
|
ad7e68 |
%if 0%{?rhel}
|
|
|
ad7e68 |
BuildRequires: ipa-healthcheck-core
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
BuildRequires: freeipa-healthcheck-core
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# PKICertImport depends on certutil and openssl
|
|
|
ad7e68 |
BuildRequires: nss-tools
|
|
|
ad7e68 |
BuildRequires: openssl
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# description for top-level package (if there is a separate meta package)
|
|
|
ad7e68 |
%if "%{name}" != "%{product_id}"
|
|
|
ad7e68 |
%description
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{product_name} is an enterprise software system designed
|
|
|
ad7e68 |
to manage enterprise Public Key Infrastructure deployments.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{product_name} consists of the following components:
|
|
|
ad7e68 |
|
|
|
ad7e68 |
* Automatic Certificate Management Environment (ACME) Responder
|
|
|
ad7e68 |
* Certificate Authority (CA)
|
|
|
ad7e68 |
* Key Recovery Authority (KRA)
|
|
|
ad7e68 |
* Online Certificate Status Protocol (OCSP) Manager
|
|
|
ad7e68 |
* Token Key Service (TKS)
|
|
|
ad7e68 |
* Token Processing Service (TPS)
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with meta}
|
|
|
ad7e68 |
%if "%{name}" != "%{product_id}"
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Package
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-console < %{version}
|
|
|
ad7e68 |
Obsoletes: pki-console-theme < %{version}
|
|
|
ad7e68 |
Obsoletes: idm-console-framework < 2.0
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
ad7e68 |
# of ALL PKI theme packages
|
|
|
ad7e68 |
Requires: %{product_id}-server-theme = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
ad7e68 |
# of ALL PKI core packages
|
|
|
ad7e68 |
Requires: %{product_id}-acme = %{version}-%{release}
|
|
|
ad7e68 |
Requires: %{product_id}-ca = %{version}-%{release}
|
|
|
ad7e68 |
Requires: %{product_id}-kra = %{version}-%{release}
|
|
|
ad7e68 |
Requires: %{product_id}-ocsp = %{version}-%{release}
|
|
|
ad7e68 |
Requires: %{product_id}-tks = %{version}-%{release}
|
|
|
ad7e68 |
Requires: %{product_id}-tps = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{product_id}-javadoc = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
ad7e68 |
# of ALL PKI clients -- except for s390/s390x where 'esc' is not built
|
|
|
ad7e68 |
%ifnarch s390 s390x
|
|
|
ad7e68 |
Requires: esc >= 1.1.1
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# description for top-level package (unless there is a separate meta package)
|
|
|
ad7e68 |
%if "%{name}" == "%{product_id}"
|
|
|
ad7e68 |
%description
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
%description -n %{product_id}
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{product_name} is an enterprise software system designed
|
|
|
ad7e68 |
to manage enterprise Public Key Infrastructure deployments.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{product_name} consists of the following components:
|
|
|
ad7e68 |
|
|
|
ad7e68 |
* Automatic Certificate Management Environment (ACME) Responder
|
|
|
ad7e68 |
* Certificate Authority (CA)
|
|
|
ad7e68 |
* Key Recovery Authority (KRA)
|
|
|
ad7e68 |
* Online Certificate Status Protocol (OCSP) Manager
|
|
|
ad7e68 |
* Token Key Service (TKS)
|
|
|
ad7e68 |
* Token Processing Service (TPS)
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with meta
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with base}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-symkey
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Symmetric Key Package
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-symkey < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-symkey = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{java_headless}
|
|
|
ad7e68 |
Requires: jpackage-utils >= 0:1.7.5-10
|
|
|
ad7e68 |
Requires: jss >= 5.0.0
|
|
|
ad7e68 |
Requires: nss >= 3.38.0
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Ensure we end up with a useful installation
|
|
|
ad7e68 |
Conflicts: pki-symkey < %{version}
|
|
|
ad7e68 |
Conflicts: pki-javadoc < %{version}
|
|
|
ad7e68 |
Conflicts: pki-server-theme < %{version}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-symkey
|
|
|
ad7e68 |
This package provides library for symmetric key operations.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-base
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Base Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-base < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-base = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: nss >= 3.36.1
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: python3-pki = %{version}-%{release}
|
|
|
ad7e68 |
Requires(post): python3-pki = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Ensure we end up with a useful installation
|
|
|
ad7e68 |
Conflicts: pki-symkey < %{version}
|
|
|
ad7e68 |
Conflicts: pki-javadoc < %{version}
|
|
|
ad7e68 |
Conflicts: pki-server-theme < %{version}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-base
|
|
|
ad7e68 |
This package provides default configuration files for %{product_name} client.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n python3-%{product_id}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Python 3 Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: python3-pki < %{version}-%{release}
|
|
|
ad7e68 |
Provides: python3-pki = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-base-python3 < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-base-python3 = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if 0%{?fedora} || 0%{?rhel} > 8
|
|
|
ad7e68 |
%{?python_provide:%python_provide python3-pki}
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{product_id}-base = %{version}-%{release}
|
|
|
ad7e68 |
Requires: python3 >= 3.5
|
|
|
ad7e68 |
Requires: python3-cryptography
|
|
|
ad7e68 |
Requires: python3-ldap
|
|
|
ad7e68 |
Requires: python3-lxml
|
|
|
ad7e68 |
Requires: python3-requests >= 2.6.0
|
|
|
ad7e68 |
Requires: python3-six
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n python3-%{product_id}
|
|
|
ad7e68 |
This package provides common and client library for Python 3.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-base-java
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Base Java Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-base-java < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-base-java = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{java_headless}
|
|
|
ad7e68 |
Requires: apache-commons-cli
|
|
|
ad7e68 |
Requires: apache-commons-codec
|
|
|
ad7e68 |
Requires: apache-commons-io
|
|
|
ad7e68 |
Requires: apache-commons-lang3 >= 3.2
|
|
|
ad7e68 |
Requires: apache-commons-logging
|
|
|
ad7e68 |
Requires: apache-commons-net
|
|
|
ad7e68 |
Requires: slf4j
|
|
|
ad7e68 |
Requires: slf4j-jdk14
|
|
|
ad7e68 |
Requires: jpackage-utils >= 0:1.7.5-10
|
|
|
ad7e68 |
Requires: jss >= 5.0.0
|
|
|
ad7e68 |
Requires: ldapjdk >= 5.0.0
|
|
|
ad7e68 |
Requires: %{product_id}-base = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if 0%{?rhel} && 0%{?rhel} <= 8
|
|
|
ad7e68 |
Requires: resteasy >= 3.0.26
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
Requires: resteasy-client >= 3.0.17-1
|
|
|
ad7e68 |
Requires: resteasy-core >= 3.0.17-1
|
|
|
ad7e68 |
Requires: resteasy-jackson2-provider >= 3.0.17-1
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: xalan-j2
|
|
|
ad7e68 |
Requires: xerces-j2
|
|
|
ad7e68 |
Requires: xml-commons-resolver
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-base-java
|
|
|
ad7e68 |
This package provides common and client libraries for Java.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-tools
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Tools Package
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-tools < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-tools = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: openldap-clients
|
|
|
ad7e68 |
Requires: nss-tools >= 3.36.1
|
|
|
ad7e68 |
Requires: %{product_id}-base-java = %{version}-%{release}
|
|
|
ad7e68 |
Requires: p11-kit-trust
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# PKICertImport depends on certutil and openssl
|
|
|
ad7e68 |
Requires: nss-tools
|
|
|
ad7e68 |
Requires: openssl
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-tools
|
|
|
ad7e68 |
This package provides tools that can be used to help make
|
|
|
ad7e68 |
%{product_name} into a more complete and robust PKI solution.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with base
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with server}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-server
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Server Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-server < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-server = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: hostname
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: policycoreutils
|
|
|
ad7e68 |
Requires: procps-ng
|
|
|
ad7e68 |
Requires: openldap-clients
|
|
|
ad7e68 |
Requires: openssl
|
|
|
ad7e68 |
Requires: %{product_id}-symkey = %{version}-%{release}
|
|
|
ad7e68 |
Requires: %{product_id}-tools = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: keyutils
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: policycoreutils-python-utils
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: python3-lxml
|
|
|
ad7e68 |
Requires: python3-libselinux
|
|
|
ad7e68 |
Requires: python3-policycoreutils
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: selinux-policy-targeted >= 3.13.1-159
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if 0%{?rhel} && ! 0%{?eln}
|
|
|
ad7e68 |
Requires: pki-servlet-engine
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
Requires: tomcat >= 1:9.0.7
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: systemd
|
|
|
ad7e68 |
Requires(post): systemd-units
|
|
|
ad7e68 |
Requires(postun): systemd-units
|
|
|
ad7e68 |
Requires(pre): shadow-utils
|
|
|
ad7e68 |
Requires: tomcatjss >= 8.0.0
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# pki-healthcheck depends on the following library
|
|
|
ad7e68 |
%if 0%{?rhel}
|
|
|
ad7e68 |
Requires: ipa-healthcheck-core
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
Requires: freeipa-healthcheck-core
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# https://pagure.io/freeipa/issue/7742
|
|
|
ad7e68 |
%if 0%{?rhel}
|
|
|
ad7e68 |
Conflicts: ipa-server < 4.7.1
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
Conflicts: freeipa-server < 4.7.1
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Provides: bundled(js-backbone) = 1.4.0
|
|
|
ad7e68 |
Provides: bundled(js-bootstrap) = 3.4.1
|
|
|
ad7e68 |
Provides: bundled(js-jquery) = 3.5.1
|
|
|
ad7e68 |
Provides: bundled(js-jquery-i18n-properties) = 1.2.7
|
|
|
ad7e68 |
Provides: bundled(js-patternfly) = 3.59.2
|
|
|
ad7e68 |
Provides: bundled(js-underscore) = 1.9.2
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-server
|
|
|
ad7e68 |
This package provides libraries and utilities needed by %{product_name} services.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with server
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with acme}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-acme
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} ACME Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-acme < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-acme = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{product_id}-server = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-acme
|
|
|
ad7e68 |
%{product_name} ACME responder is a service that provides an automatic certificate
|
|
|
ad7e68 |
management via ACME v2 protocol defined in RFC 8555.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with acme
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with ca}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-ca
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} CA Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-ca < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-ca = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{product_id}-server = %{version}-%{release}
|
|
|
ad7e68 |
Requires(post): systemd-units
|
|
|
ad7e68 |
Requires(postun): systemd-units
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-ca
|
|
|
ad7e68 |
%{product_name} Certificate Authority (CA) is a required subsystem which issues,
|
|
|
ad7e68 |
renews, revokes, and publishes certificates as well as compiling and
|
|
|
ad7e68 |
publishing Certificate Revocation Lists (CRLs).
|
|
|
ad7e68 |
|
|
|
ad7e68 |
The Certificate Authority can be configured as a self-signing Certificate
|
|
|
ad7e68 |
Authority, where it is the root CA, or it can act as a subordinate CA,
|
|
|
ad7e68 |
where it obtains its own signing certificate from a public CA.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with ca
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with kra}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-kra
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} KRA Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-kra < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-kra = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{product_id}-server = %{version}-%{release}
|
|
|
ad7e68 |
Requires(post): systemd-units
|
|
|
ad7e68 |
Requires(postun): systemd-units
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-kra
|
|
|
ad7e68 |
%{product_name} Key Recovery Authority (KRA) is an optional subsystem that can act
|
|
|
ad7e68 |
as a key archival facility. When configured in conjunction with the
|
|
|
ad7e68 |
Certificate Authority (CA), the KRA stores private encryption keys as part of
|
|
|
ad7e68 |
the certificate enrollment process. The key archival mechanism is triggered
|
|
|
ad7e68 |
when a user enrolls in the PKI and creates the certificate request. Using the
|
|
|
ad7e68 |
Certificate Request Message Format (CRMF) request format, a request is
|
|
|
ad7e68 |
generated for the user's private encryption key. This key is then stored in
|
|
|
ad7e68 |
the KRA which is configured to store keys in an encrypted format that can only
|
|
|
ad7e68 |
be decrypted by several agents requesting the key at one time, providing for
|
|
|
ad7e68 |
protection of the public encryption keys for the users in the PKI deployment.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Note that the KRA archives encryption keys; it does NOT archive signing keys,
|
|
|
ad7e68 |
since such archival would undermine non-repudiation properties of signing keys.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with kra
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with ocsp}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-ocsp
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} OCSP Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-ocsp < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-ocsp = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{product_id}-server = %{version}-%{release}
|
|
|
ad7e68 |
Requires(post): systemd-units
|
|
|
ad7e68 |
Requires(postun): systemd-units
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-ocsp
|
|
|
ad7e68 |
%{product_name} Online Certificate Status Protocol (OCSP) Manager is an optional
|
|
|
ad7e68 |
subsystem that can act as a stand-alone OCSP service. The OCSP Manager
|
|
|
ad7e68 |
performs the task of an online certificate validation authority by enabling
|
|
|
ad7e68 |
OCSP-compliant clients to do real-time verification of certificates. Note
|
|
|
ad7e68 |
that an online certificate-validation authority is often referred to as an
|
|
|
ad7e68 |
OCSP Responder.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Although the Certificate Authority (CA) is already configured with an
|
|
|
ad7e68 |
internal OCSP service. An external OCSP Responder is offered as a separate
|
|
|
ad7e68 |
subsystem in case the user wants the OCSP service provided outside of a
|
|
|
ad7e68 |
firewall while the CA resides inside of a firewall, or to take the load of
|
|
|
ad7e68 |
requests off of the CA.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
|
|
|
ad7e68 |
multiple CA servers, and clients can query the OCSP Manager for the
|
|
|
ad7e68 |
revocation status of certificates issued by all of these CA servers.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
When an instance of OCSP Manager is set up with an instance of CA, and
|
|
|
ad7e68 |
publishing is set up to this OCSP Manager, CRLs are published to it
|
|
|
ad7e68 |
whenever they are issued or updated.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with ocsp
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with tks}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-tks
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} TKS Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-tks < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-tks = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{product_id}-server = %{version}-%{release}
|
|
|
ad7e68 |
Requires(post): systemd-units
|
|
|
ad7e68 |
Requires(postun): systemd-units
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-tks
|
|
|
ad7e68 |
%{product_name} Token Key Service (TKS) is an optional subsystem that manages the
|
|
|
ad7e68 |
master key(s) and the transport key(s) required to generate and distribute
|
|
|
ad7e68 |
keys for hardware tokens. TKS provides the security between tokens and an
|
|
|
ad7e68 |
instance of Token Processing System (TPS), where the security relies upon the
|
|
|
ad7e68 |
relationship between the master key and the token keys. A TPS communicates
|
|
|
ad7e68 |
with a TKS over SSL using client authentication.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
TKS helps establish a secure channel (signed and encrypted) between the token
|
|
|
ad7e68 |
and the TPS, provides proof of presence of the security token during
|
|
|
ad7e68 |
enrollment, and supports key changeover when the master key changes on the
|
|
|
ad7e68 |
TKS. Tokens with older keys will get new token keys.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Because of the sensitivity of the data that TKS manages, TKS should be set up
|
|
|
ad7e68 |
behind the firewall with restricted access.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with tks
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with tps}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-tps
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} TPS Package
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-tps < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-tps = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: %{product_id}-server = %{version}-%{release}
|
|
|
ad7e68 |
Requires(post): systemd-units
|
|
|
ad7e68 |
Requires(postun): systemd-units
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# additional runtime requirements needed to run native 'tpsclient'
|
|
|
ad7e68 |
# REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: nss-tools >= 3.36.1
|
|
|
ad7e68 |
Requires: openldap-clients
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-tps
|
|
|
ad7e68 |
%{product_name} Token Processing System (TPS) is an optional subsystem that acts
|
|
|
ad7e68 |
as a Registration Authority (RA) for authenticating and processing
|
|
|
ad7e68 |
enrollment requests, PIN reset requests, and formatting requests from
|
|
|
ad7e68 |
the Enterprise Security Client (ESC).
|
|
|
ad7e68 |
|
|
|
ad7e68 |
TPS is designed to communicate with tokens that conform to
|
|
|
ad7e68 |
Global Platform's Open Platform Specification.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
TPS communicates over SSL with various PKI backend subsystems (including
|
|
|
ad7e68 |
the Certificate Authority (CA), the Key Recovery Authority (KRA), and the
|
|
|
ad7e68 |
Token Key Service (TKS)) to fulfill the user's requests.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
TPS also interacts with the token database, an LDAP server that stores
|
|
|
ad7e68 |
information about individual tokens.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
The utility "tpsclient" is a test tool that interacts with TPS. This
|
|
|
ad7e68 |
tool is useful to test TPS server configs without risking an actual
|
|
|
ad7e68 |
smart card.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with tps
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with javadoc}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-javadoc
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Javadoc Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-javadoc < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-javadoc = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Ensure we end up with a useful installation
|
|
|
ad7e68 |
Conflicts: pki-base < %{version}
|
|
|
ad7e68 |
Conflicts: pki-symkey < %{version}
|
|
|
ad7e68 |
Conflicts: pki-server-theme < %{version}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-javadoc
|
|
|
ad7e68 |
This package provides %{product_name} API documentation.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with javadoc
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with console}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-console
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Console Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
BuildRequires: idm-console-framework >= 2.0
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-console < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-console = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: idm-console-framework >= 2.0
|
|
|
ad7e68 |
Requires: %{product_id}-base-java = %{version}-%{release}
|
|
|
ad7e68 |
Requires: %{product_id}-console-theme = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-console
|
|
|
ad7e68 |
%{product_name} Console is a Java application used to administer %{product_name} Server.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with console
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with theme}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-server-theme
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Server Theme Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-server-theme < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-server-theme = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Ensure we end up with a useful installation
|
|
|
ad7e68 |
Conflicts: pki-base < %{version}
|
|
|
ad7e68 |
Conflicts: pki-symkey < %{version}
|
|
|
ad7e68 |
Conflicts: pki-javadoc < %{version}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-server-theme
|
|
|
ad7e68 |
This package provides theme files for %{product_name} Server.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with console}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-console-theme
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Console Theme Package
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-console-theme < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-console-theme = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Ensure we end up with a useful installation
|
|
|
ad7e68 |
Conflicts: pki-base < %{version}
|
|
|
ad7e68 |
Conflicts: pki-symkey < %{version}
|
|
|
ad7e68 |
Conflicts: pki-server-theme < %{version}
|
|
|
ad7e68 |
Conflicts: pki-javadoc < %{version}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-console-theme
|
|
|
ad7e68 |
This package provides theme files for %{product_name} Console.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with console
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with theme
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with tests}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%package -n %{product_id}-tests
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Summary: %{product_name} Tests
|
|
|
ad7e68 |
BuildArch: noarch
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Obsoletes: pki-tests < %{version}-%{release}
|
|
|
ad7e68 |
Provides: pki-tests = %{version}-%{release}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
Requires: python3-pylint
|
|
|
ad7e68 |
Requires: python3-flake8
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%description -n %{product_id}-tests
|
|
|
ad7e68 |
This package provides test suite for %{product_name}.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with tests
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%prep
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%autosetup -n pki-%{version}%{?_phase} -p 1
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%build
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# get Java <major>.<minor> version number
|
|
|
ad7e68 |
java_version=`%{java_home}/bin/java -XshowSettings:properties -version 2>&1 | sed -n 's/ *java.version *= *\([0-9]\+\.[0-9]\+\).*/\1/p'`
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# if <major> == 1, get <minor> version number
|
|
|
ad7e68 |
# otherwise get <major> version number
|
|
|
ad7e68 |
java_version=`echo $java_version | sed -e 's/^1\.//' -e 's/\..*$//'`
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# assume tomcat app_server
|
|
|
ad7e68 |
app_server=tomcat-9.0
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if 0%{?rhel} && 0%{?rhel} <= 8
|
|
|
ad7e68 |
%{__mkdir_p} build
|
|
|
ad7e68 |
cd build
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%cmake \
|
|
|
ad7e68 |
--no-warn-unused-cli \
|
|
|
ad7e68 |
-DVERSION=%{version}-%{release} \
|
|
|
ad7e68 |
-DVAR_INSTALL_DIR:PATH=/var \
|
|
|
ad7e68 |
-DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
|
|
|
ad7e68 |
-DJAVA_VERSION=${java_version} \
|
|
|
ad7e68 |
-DJAVA_HOME=%{java_home} \
|
|
|
ad7e68 |
-DPKI_JAVA_PATH=%{java_home}/bin/java \
|
|
|
ad7e68 |
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
|
|
|
ad7e68 |
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
|
|
|
ad7e68 |
-DAPP_SERVER=$app_server \
|
|
|
ad7e68 |
-DJAXRS_API_JAR=%{jaxrs_api_jar} \
|
|
|
ad7e68 |
-DRESTEASY_LIB=%{resteasy_lib} \
|
|
|
ad7e68 |
-DNSS_DEFAULT_DB_TYPE=%{nss_default_db_type} \
|
|
|
ad7e68 |
-DBUILD_PKI_CORE:BOOL=ON \
|
|
|
ad7e68 |
-DPYTHON_EXECUTABLE=%{python_executable} \
|
|
|
ad7e68 |
%if ! %{with server} && ! %{with acme} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps}
|
|
|
ad7e68 |
-DWITH_SERVER:BOOL=OFF \
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
-DWITH_CA:BOOL=%{?with_ca:ON}%{!?with_ca:OFF} \
|
|
|
ad7e68 |
-DWITH_KRA:BOOL=%{?with_kra:ON}%{!?with_kra:OFF} \
|
|
|
ad7e68 |
-DWITH_OCSP:BOOL=%{?with_ocsp:ON}%{!?with_ocsp:OFF} \
|
|
|
ad7e68 |
-DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \
|
|
|
ad7e68 |
-DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \
|
|
|
ad7e68 |
-DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \
|
|
|
ad7e68 |
-DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
|
|
|
ad7e68 |
-DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
|
|
|
ad7e68 |
-DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
|
|
|
ad7e68 |
-DTHEME=%{?with_theme:%{theme}} \
|
|
|
ad7e68 |
%if 0%{?rhel} && 0%{?rhel} <= 8
|
|
|
ad7e68 |
..
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
-B %{_vpath_builddir}
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if 0%{?fedora} || 0%{?rhel} > 8
|
|
|
ad7e68 |
cd %{_vpath_builddir}
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Do not use _smp_mflags to preserve build order
|
|
|
ad7e68 |
%{__make} \
|
|
|
ad7e68 |
VERBOSE=%{?_verbose} \
|
|
|
ad7e68 |
CMAKE_NO_VERBOSE=1 \
|
|
|
ad7e68 |
DESTDIR=%{buildroot} \
|
|
|
ad7e68 |
INSTALL="install -p" \
|
|
|
ad7e68 |
--no-print-directory \
|
|
|
ad7e68 |
all
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%install
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if 0%{?rhel} && 0%{?rhel} <= 8
|
|
|
ad7e68 |
cd build
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
cd %{_vpath_builddir}
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{__make} \
|
|
|
ad7e68 |
VERBOSE=%{?_verbose} \
|
|
|
ad7e68 |
CMAKE_NO_VERBOSE=1 \
|
|
|
ad7e68 |
DESTDIR=%{buildroot} \
|
|
|
ad7e68 |
INSTALL="install -p" \
|
|
|
ad7e68 |
--no-print-directory \
|
|
|
ad7e68 |
install
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with test}
|
|
|
ad7e68 |
ctest --output-on-failure
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with meta}
|
|
|
ad7e68 |
%{__mkdir_p} %{buildroot}%{_datadir}/doc/pki
|
|
|
ad7e68 |
|
|
|
ad7e68 |
cat > %{buildroot}%{_datadir}/doc/pki/README << EOF
|
|
|
ad7e68 |
This package is a "meta-package" whose dependencies pull in all of the
|
|
|
ad7e68 |
packages comprising the %{product_name} Suite.
|
|
|
ad7e68 |
EOF
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with meta
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Customize client library links in /usr/share/pki/lib
|
|
|
ad7e68 |
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar
|
|
|
ad7e68 |
%if 0%{?fedora} && 0%{?fedora} <= 34
|
|
|
ad7e68 |
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/lib/jakarta.annotation-api.jar
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with server}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Customize server common library links in /usr/share/pki/server/common/lib
|
|
|
ad7e68 |
ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar
|
|
|
ad7e68 |
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar
|
|
|
ad7e68 |
%if 0%{?fedora} && 0%{?fedora} <= 34
|
|
|
ad7e68 |
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/server/common/lib/jakarta.annotation-api.jar
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with server
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with server}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%pre -n %{product_id}-server
|
|
|
ad7e68 |
getent group %{pki_groupname} >/dev/null || groupadd -f -g %{pki_gid} -r %{pki_groupname}
|
|
|
ad7e68 |
if ! getent passwd %{pki_username} >/dev/null ; then
|
|
|
ad7e68 |
useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username}
|
|
|
ad7e68 |
fi
|
|
|
ad7e68 |
exit 0
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with server
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with base}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%post -n %{product_id}-base
|
|
|
ad7e68 |
|
|
|
ad7e68 |
if [ $1 -eq 1 ]
|
|
|
ad7e68 |
then
|
|
|
ad7e68 |
# On RPM installation create system upgrade tracker
|
|
|
ad7e68 |
echo "Configuration-Version: %{version}" > %{_sysconfdir}/pki/pki.version
|
|
|
ad7e68 |
|
|
|
ad7e68 |
else
|
|
|
ad7e68 |
# On RPM upgrade run system upgrade
|
|
|
ad7e68 |
echo "Upgrading PKI system configuration at `/bin/date`." >> /var/log/pki/pki-upgrade-%{version}.log
|
|
|
ad7e68 |
/sbin/pki-upgrade 2>&1 | tee -a /var/log/pki/pki-upgrade-%{version}.log
|
|
|
ad7e68 |
echo >> /var/log/pki/pki-upgrade-%{version}.log
|
|
|
ad7e68 |
fi
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%postun -n %{product_id}-base
|
|
|
ad7e68 |
|
|
|
ad7e68 |
if [ $1 -eq 0 ]
|
|
|
ad7e68 |
then
|
|
|
ad7e68 |
# On RPM uninstallation remove system upgrade tracker
|
|
|
ad7e68 |
rm -f %{_sysconfdir}/pki/pki.version
|
|
|
ad7e68 |
fi
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with base
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with server}
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%post -n %{product_id}-server
|
|
|
ad7e68 |
# CVE-2021-3551
|
|
|
ad7e68 |
# Remove world access from existing installation logs
|
|
|
ad7e68 |
find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \;
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# Reload systemd daemons on upgrade only
|
|
|
ad7e68 |
if [ "$1" == "2" ]
|
|
|
ad7e68 |
then
|
|
|
ad7e68 |
systemctl daemon-reload
|
|
|
ad7e68 |
fi
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with server
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with meta}
|
|
|
ad7e68 |
%if "%{name}" != "%{product_id}"
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%else
|
|
|
ad7e68 |
%files
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%doc %{_datadir}/doc/pki/README
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with meta
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with base}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-symkey
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/symkey/LICENSE
|
|
|
ad7e68 |
%{_jnidir}/symkey.jar
|
|
|
ad7e68 |
%{_libdir}/symkey/
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-base
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/common/LICENSE
|
|
|
ad7e68 |
%license base/common/LICENSE.LESSER
|
|
|
ad7e68 |
%doc %{_datadir}/doc/pki-base/html
|
|
|
ad7e68 |
%dir %{_datadir}/pki
|
|
|
ad7e68 |
%{_datadir}/pki/VERSION
|
|
|
ad7e68 |
%{_datadir}/pki/pom.xml
|
|
|
ad7e68 |
%dir %{_datadir}/pki/etc
|
|
|
ad7e68 |
%{_datadir}/pki/etc/pki.conf
|
|
|
ad7e68 |
%{_datadir}/pki/etc/logging.properties
|
|
|
ad7e68 |
%dir %{_datadir}/pki/lib
|
|
|
ad7e68 |
%dir %{_datadir}/pki/scripts
|
|
|
ad7e68 |
%{_datadir}/pki/scripts/config
|
|
|
ad7e68 |
%{_datadir}/pki/upgrade/
|
|
|
ad7e68 |
%{_datadir}/pki/key/templates
|
|
|
ad7e68 |
%dir %{_sysconfdir}/pki
|
|
|
ad7e68 |
%config(noreplace) %{_sysconfdir}/pki/pki.conf
|
|
|
ad7e68 |
%dir %{_localstatedir}/log/pki
|
|
|
ad7e68 |
%{_sbindir}/pki-upgrade
|
|
|
ad7e68 |
%{_mandir}/man1/pki-python-client.1.gz
|
|
|
ad7e68 |
%{_mandir}/man5/pki-logging.5.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-upgrade.8.gz
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-base-java
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/common/LICENSE
|
|
|
ad7e68 |
%license base/common/LICENSE.LESSER
|
|
|
ad7e68 |
%{_datadir}/pki/examples/java/
|
|
|
ad7e68 |
%{_datadir}/pki/lib/*.jar
|
|
|
ad7e68 |
%dir %{_javadir}/pki
|
|
|
ad7e68 |
%{_javadir}/pki/pki-cmsutil.jar
|
|
|
ad7e68 |
%{_javadir}/pki/pki-certsrv.jar
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n python3-%{product_id}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/common/LICENSE
|
|
|
ad7e68 |
%license base/common/LICENSE.LESSER
|
|
|
ad7e68 |
%if %{with server}
|
|
|
ad7e68 |
%exclude %{python3_sitelib}/pki/server
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
%{python3_sitelib}/pki
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-tools
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/tools/LICENSE
|
|
|
ad7e68 |
%doc base/tools/doc/README
|
|
|
ad7e68 |
%{_bindir}/p7tool
|
|
|
ad7e68 |
%{_bindir}/p12tool
|
|
|
ad7e68 |
%{_bindir}/pistool
|
|
|
ad7e68 |
%{_bindir}/pki
|
|
|
ad7e68 |
%{_bindir}/revoker
|
|
|
ad7e68 |
%{_bindir}/setpin
|
|
|
ad7e68 |
%{_bindir}/sslget
|
|
|
ad7e68 |
%{_bindir}/tkstool
|
|
|
ad7e68 |
%{_bindir}/AtoB
|
|
|
ad7e68 |
%{_bindir}/AuditVerify
|
|
|
ad7e68 |
%{_bindir}/BtoA
|
|
|
ad7e68 |
%{_bindir}/CMCEnroll
|
|
|
ad7e68 |
%{_bindir}/CMCRequest
|
|
|
ad7e68 |
%{_bindir}/CMCResponse
|
|
|
ad7e68 |
%{_bindir}/CMCRevoke
|
|
|
ad7e68 |
%{_bindir}/CMCSharedToken
|
|
|
ad7e68 |
%{_bindir}/CRMFPopClient
|
|
|
ad7e68 |
%{_bindir}/DRMTool
|
|
|
ad7e68 |
%{_bindir}/ExtJoiner
|
|
|
ad7e68 |
%{_bindir}/GenExtKeyUsage
|
|
|
ad7e68 |
%{_bindir}/GenIssuerAltNameExt
|
|
|
ad7e68 |
%{_bindir}/GenSubjectAltNameExt
|
|
|
ad7e68 |
%{_bindir}/HttpClient
|
|
|
ad7e68 |
%{_bindir}/KRATool
|
|
|
ad7e68 |
%{_bindir}/OCSPClient
|
|
|
ad7e68 |
%{_bindir}/PKCS10Client
|
|
|
ad7e68 |
%{_bindir}/PKCS12Export
|
|
|
ad7e68 |
%{_bindir}/PKICertImport
|
|
|
ad7e68 |
%{_bindir}/PrettyPrintCert
|
|
|
ad7e68 |
%{_bindir}/PrettyPrintCrl
|
|
|
ad7e68 |
%{_bindir}/TokenInfo
|
|
|
ad7e68 |
%{_javadir}/pki/pki-tools.jar
|
|
|
ad7e68 |
%{_datadir}/pki/tools/
|
|
|
ad7e68 |
%{_datadir}/pki/lib/p11-kit-trust.so
|
|
|
ad7e68 |
%{_mandir}/man1/AtoB.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/AuditVerify.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/BtoA.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/CMCEnroll.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/CMCRequest.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/CMCSharedToken.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/CMCResponse.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/DRMTool.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/KRATool.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/PrettyPrintCert.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/PrettyPrintCrl.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-audit.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-ca-cert.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-ca-kraconnector.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-ca-profile.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-client.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-group.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-group-member.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-kra-key.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-pkcs12-cert.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-pkcs12-key.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-pkcs12.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-securitydomain.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-tps-profile.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-user.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-user-cert.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/pki-user-membership.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/PKCS10Client.1.gz
|
|
|
ad7e68 |
%{_mandir}/man1/PKICertImport.1.gz
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with base
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with server}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-server
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/common/THIRD_PARTY_LICENSES
|
|
|
ad7e68 |
%license base/server/LICENSE
|
|
|
ad7e68 |
%doc base/server/README
|
|
|
ad7e68 |
%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki
|
|
|
ad7e68 |
%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki/tomcat
|
|
|
ad7e68 |
%{_sbindir}/pkispawn
|
|
|
ad7e68 |
%{_sbindir}/pkidestroy
|
|
|
ad7e68 |
%{_sbindir}/pki-server
|
|
|
ad7e68 |
%{_sbindir}/pki-server-upgrade
|
|
|
ad7e68 |
%{_sbindir}/pki-healthcheck
|
|
|
ad7e68 |
%{python3_sitelib}/pki/server/
|
|
|
ad7e68 |
%{python3_sitelib}/pkihealthcheck-*.egg-info/
|
|
|
ad7e68 |
%config(noreplace) %{_sysconfdir}/pki/healthcheck.conf
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{_datadir}/pki/etc/tomcat.conf
|
|
|
ad7e68 |
%dir %{_datadir}/pki/deployment
|
|
|
ad7e68 |
%{_datadir}/pki/deployment/config/
|
|
|
ad7e68 |
%{_datadir}/pki/scripts/operations
|
|
|
ad7e68 |
%{_bindir}/pkidaemon
|
|
|
ad7e68 |
%{_bindir}/pki-server-nuxwdog
|
|
|
ad7e68 |
%dir %{_sysconfdir}/systemd/system/pki-tomcatd.target.wants
|
|
|
ad7e68 |
%attr(644,-,-) %{_unitdir}/pki-tomcatd@.service
|
|
|
ad7e68 |
%attr(644,-,-) %{_unitdir}/pki-tomcatd.target
|
|
|
ad7e68 |
%dir %{_sysconfdir}/systemd/system/pki-tomcatd-nuxwdog.target.wants
|
|
|
ad7e68 |
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service
|
|
|
ad7e68 |
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target
|
|
|
ad7e68 |
%{_javadir}/pki/pki-cms.jar
|
|
|
ad7e68 |
%{_javadir}/pki/pki-cmsbundle.jar
|
|
|
ad7e68 |
%{_javadir}/pki/pki-tomcat.jar
|
|
|
ad7e68 |
%dir %{_sharedstatedir}/pki
|
|
|
ad7e68 |
%{_mandir}/man1/pkidaemon.1.gz
|
|
|
ad7e68 |
%{_mandir}/man5/pki_default.cfg.5.gz
|
|
|
ad7e68 |
%{_mandir}/man5/pki_healthcheck.conf.5.gz
|
|
|
ad7e68 |
%{_mandir}/man5/pki-server-logging.5.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-upgrade.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pkidestroy.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pkispawn.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-acme.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-instance.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-subsystem.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-nuxwdog.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-migrate.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-cert.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-ca.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-kra.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-ocsp.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-tks.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-server-tps.8.gz
|
|
|
ad7e68 |
%{_mandir}/man8/pki-healthcheck.8.gz
|
|
|
ad7e68 |
%{_datadir}/pki/setup/
|
|
|
ad7e68 |
%{_datadir}/pki/server/
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with server
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with acme}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-acme
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{_javadir}/pki/pki-acme.jar
|
|
|
ad7e68 |
%{_datadir}/pki/acme/
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with acme
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with ca}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-ca
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/ca/LICENSE
|
|
|
ad7e68 |
%{_javadir}/pki/pki-ca.jar
|
|
|
ad7e68 |
%{_datadir}/pki/ca/
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with ca
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with kra}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-kra
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/kra/LICENSE
|
|
|
ad7e68 |
%{_javadir}/pki/pki-kra.jar
|
|
|
ad7e68 |
%{_datadir}/pki/kra/
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with kra
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with ocsp}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-ocsp
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/ocsp/LICENSE
|
|
|
ad7e68 |
%{_javadir}/pki/pki-ocsp.jar
|
|
|
ad7e68 |
%{_datadir}/pki/ocsp/
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with ocsp
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with tks}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-tks
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/tks/LICENSE
|
|
|
ad7e68 |
%{_javadir}/pki/pki-tks.jar
|
|
|
ad7e68 |
%{_datadir}/pki/tks/
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with tks
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with tps}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-tps
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/tps/LICENSE
|
|
|
ad7e68 |
%{_javadir}/pki/pki-tps.jar
|
|
|
ad7e68 |
%{_datadir}/pki/tps/
|
|
|
ad7e68 |
%{_mandir}/man5/pki-tps-connector.5.gz
|
|
|
ad7e68 |
%{_mandir}/man5/pki-tps-profile.5.gz
|
|
|
ad7e68 |
%{_mandir}/man1/tpsclient.1.gz
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# files for native 'tpsclient'
|
|
|
ad7e68 |
# REMINDER: Remove this comment once 'tpsclient' is rewritten as a Java app
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{_bindir}/tpsclient
|
|
|
ad7e68 |
%{_libdir}/tps/libtps.so
|
|
|
ad7e68 |
%{_libdir}/tps/libtokendb.so
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with tps
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with javadoc}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-javadoc
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{_javadocdir}/pki/
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with javadoc
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with console}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-console
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license base/console/LICENSE
|
|
|
ad7e68 |
%{_bindir}/pkiconsole
|
|
|
ad7e68 |
%{_javadir}/pki/pki-console.jar
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with console
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with theme}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-server-theme
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license themes/%{theme}/common-ui/LICENSE
|
|
|
ad7e68 |
%dir %{_datadir}/pki
|
|
|
ad7e68 |
%{_datadir}/pki/CS_SERVER_VERSION
|
|
|
ad7e68 |
%{_datadir}/pki/common-ui/
|
|
|
ad7e68 |
%{_datadir}/pki/server/webapps/pki/ca
|
|
|
ad7e68 |
%{_datadir}/pki/server/webapps/pki/css
|
|
|
ad7e68 |
%{_datadir}/pki/server/webapps/pki/esc
|
|
|
ad7e68 |
%{_datadir}/pki/server/webapps/pki/fonts
|
|
|
ad7e68 |
%{_datadir}/pki/server/webapps/pki/images
|
|
|
ad7e68 |
%{_datadir}/pki/server/webapps/pki/kra
|
|
|
ad7e68 |
%{_datadir}/pki/server/webapps/pki/ocsp
|
|
|
ad7e68 |
%{_datadir}/pki/server/webapps/pki/pki.properties
|
|
|
ad7e68 |
%{_datadir}/pki/server/webapps/pki/tks
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with console}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-console-theme
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%license themes/%{theme}/console-ui/LICENSE
|
|
|
ad7e68 |
%{_javadir}/pki/pki-console-theme.jar
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with console
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with theme
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%if %{with tests}
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%files -n %{product_id}-tests
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
|
|
|
ad7e68 |
%{_datadir}/pki/tests/
|
|
|
ad7e68 |
|
|
|
ad7e68 |
# with tests
|
|
|
ad7e68 |
%endif
|
|
|
ad7e68 |
|
|
|
ad7e68 |
################################################################################
|
|
|
ad7e68 |
%changelog
|
|
|
cdddd4 |
* Wed Jan 19 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.3-1
|
|
|
cdddd4 |
- Bug #2033109 Invalid certificates with creation of subCA (pkispawn single step)[rhel-9.0.0]
|
|
|
cdddd4 |
- Bug #2013141 kra-key-retrieve failed to accept xml input format to generate .p12 key through cli
|
|
|
cdddd4 |
- Bug #2029838 SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser
|
|
|
cdddd4 |
|
|
|
5b6495 |
* Thu Dec 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.1-3
|
|
|
5b6495 |
- Change gcc compiler flags to fix annobin gating failures
|
|
|
5b6495 |
|
|
|
5b6495 |
* Tue Nov 23 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.1-2
|
|
|
5b6495 |
- Rebase to PKI 11.0.1
|
|
|
5b6495 |
|
|
|
997495 |
* Tue Oct 05 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-1
|
|
|
997495 |
- Rebase to PKI 11.0.0
|
|
|
ad7e68 |
|
|
|
997495 |
* Thu Sep 30 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.6.beta1
|
|
|
ad7e68 |
- Rebase to PKI 11.0.0-beta1
|
|
|
997495 |
- Bug #1999052 - pki instance creation fails for IPA server
|
|
|
997495 |
|
|
|
997495 |
* Thu Sep 09 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.5.alpha1
|
|
|
997495 |
- Drop BuildRequires and Requires on glassfish-jaxb-api and jaxb-impl
|
|
|
997495 |
Resolves #2002594
|
|
|
ad7e68 |
|
|
|
ad7e68 |
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 11.0.0-0.4.alpha1
|
|
|
ad7e68 |
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
ad7e68 |
Related: rhbz#1991688
|
|
|
ad7e68 |
|
|
|
ad7e68 |
* Thu Jul 1 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.3
|
|
|
ad7e68 |
- Drop sudo dependency
|
|
|
ad7e68 |
|
|
|
ad7e68 |
* Tue Jun 29 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.2
|
|
|
ad7e68 |
- Resolves: rhbz#1975406 - IPA installation fails during pki-tomcatd setup.
|
|
|
ad7e68 |
|
|
|
ad7e68 |
* Fri Jun 25 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.1
|
|
|
ad7e68 |
- Rebase to PKI 11.0.0-alpha1
|
|
|
cdddd4 |
|
|
|
cdddd4 |
* Tue May 18 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.1
|
|
|
cdddd4 |
- Rebase to PKI 10.11.0-alpha1
|