|
|
efcdb2 |
# Python
|
|
|
f332ec |
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from
|
|
|
f332ec |
distutils.sysconfig import get_python_lib; print(get_python_lib())")}
|
|
|
f332ec |
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from
|
|
|
f332ec |
distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
|
|
|
f332ec |
|
|
|
efcdb2 |
# Tomcat
|
|
|
efcdb2 |
%if 0%{?fedora} >= 23
|
|
|
efcdb2 |
%define with_tomcat7 0
|
|
|
efcdb2 |
%define with_tomcat8 1
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
# 0%{?rhel} || 0%{?fedora} <= 22
|
|
|
efcdb2 |
%define with_tomcat7 1
|
|
|
efcdb2 |
%define with_tomcat8 0
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
|
|
|
efcdb2 |
# RESTEasy
|
|
|
efcdb2 |
%if 0%{?rhel}
|
|
|
efcdb2 |
%define resteasy_lib /usr/share/java/resteasy-base
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
# 0%{?fedora}
|
|
|
efcdb2 |
%define resteasy_lib /usr/share/java/resteasy
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
|
|
|
efcdb2 |
# Dogtag
|
|
|
efcdb2 |
%bcond_without server
|
|
|
efcdb2 |
%bcond_without javadoc
|
|
|
efcdb2 |
|
|
|
efcdb2 |
# ignore unpackaged files from native 'tpsclient'
|
|
|
efcdb2 |
# REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app
|
|
|
efcdb2 |
%define _unpackaged_files_terminate_build 0
|
|
|
efcdb2 |
|
|
|
efcdb2 |
# pkiuser and group. The uid and gid are preallocated
|
|
|
efcdb2 |
# see /usr/share/doc/setup/uidgid
|
|
|
efcdb2 |
%define pki_username pkiuser
|
|
|
efcdb2 |
%define pki_uid 17
|
|
|
efcdb2 |
%define pki_groupname pkiuser
|
|
|
efcdb2 |
%define pki_gid 17
|
|
|
efcdb2 |
%define pki_homedir /usr/share/pki
|
|
|
efcdb2 |
|
|
|
f332ec |
Name: pki-core
|
|
|
efcdb2 |
Version: 10.2.5
|
|
|
efcdb2 |
Release: 6%{?dist}
|
|
|
f332ec |
Summary: Certificate System - PKI Core Components
|
|
|
f332ec |
URL: http://pki.fedoraproject.org/
|
|
|
f332ec |
License: GPLv2
|
|
|
f332ec |
Group: System Environment/Daemons
|
|
|
f332ec |
|
|
|
f332ec |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
f332ec |
|
|
|
f332ec |
BuildRequires: cmake >= 2.8.9-1
|
|
|
f332ec |
BuildRequires: zip
|
|
|
eb29d7 |
BuildRequires: java-devel >= 1:1.7.0
|
|
|
f332ec |
BuildRequires: redhat-rpm-config
|
|
|
f332ec |
BuildRequires: ldapjdk
|
|
|
f332ec |
BuildRequires: apache-commons-cli
|
|
|
f332ec |
BuildRequires: apache-commons-codec
|
|
|
f332ec |
BuildRequires: apache-commons-io
|
|
|
efcdb2 |
BuildRequires: apache-commons-lang
|
|
|
eb29d7 |
BuildRequires: jakarta-commons-httpclient
|
|
|
f332ec |
BuildRequires: nspr-devel
|
|
|
efcdb2 |
BuildRequires: nss-devel >= 3.14.3
|
|
|
efcdb2 |
|
|
|
efcdb2 |
%if 0%{?rhel}
|
|
|
efcdb2 |
BuildRequires: nuxwdog-client-java >= 1.0.1-11
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
BuildRequires: nuxwdog-client-java >= 1.0.3
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
|
|
|
f332ec |
BuildRequires: openldap-devel
|
|
|
f332ec |
BuildRequires: pkgconfig
|
|
|
f332ec |
BuildRequires: policycoreutils
|
|
|
efcdb2 |
BuildRequires: python-lxml
|
|
|
efcdb2 |
BuildRequires: python-sphinx
|
|
|
f332ec |
BuildRequires: velocity
|
|
|
f332ec |
BuildRequires: xalan-j2
|
|
|
f332ec |
BuildRequires: xerces-j2
|
|
|
f332ec |
|
|
|
eb29d7 |
%if 0%{?rhel}
|
|
|
efcdb2 |
# 'resteasy-base' is a subset of the complete set of
|
|
|
efcdb2 |
# 'resteasy' packages and consists of what is needed to
|
|
|
efcdb2 |
# support the PKI Restful interface on RHEL platforms
|
|
|
eb29d7 |
BuildRequires: resteasy-base-atom-provider >= 3.0.6-1
|
|
|
eb29d7 |
BuildRequires: resteasy-base-client >= 3.0.6-1
|
|
|
eb29d7 |
BuildRequires: resteasy-base-jaxb-provider >= 3.0.6-1
|
|
|
eb29d7 |
BuildRequires: resteasy-base-jaxrs >= 3.0.6-1
|
|
|
eb29d7 |
BuildRequires: resteasy-base-jaxrs-api >= 3.0.6-1
|
|
|
efcdb2 |
BuildRequires: resteasy-base-jackson-provider >= 3.0.6-1
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
%if 0%{?fedora} >= 22
|
|
|
efcdb2 |
# Starting from Fedora 22, resteasy packages were split into
|
|
|
efcdb2 |
# subpackages.
|
|
|
efcdb2 |
BuildRequires: resteasy-atom-provider >= 3.0.6-7
|
|
|
efcdb2 |
BuildRequires: resteasy-client >= 3.0.6-7
|
|
|
efcdb2 |
BuildRequires: resteasy-jaxb-provider >= 3.0.6-7
|
|
|
efcdb2 |
BuildRequires: resteasy-core >= 3.0.6-7
|
|
|
efcdb2 |
BuildRequires: resteasy-jaxrs-api >= 3.0.6-7
|
|
|
efcdb2 |
BuildRequires: resteasy-jackson-provider >= 3.0.6-7
|
|
|
f332ec |
%else
|
|
|
efcdb2 |
BuildRequires: resteasy >= 3.0.6-2
|
|
|
efcdb2 |
%endif
|
|
|
f332ec |
%endif
|
|
|
f332ec |
|
|
|
eb29d7 |
%if ! 0%{?rhel}
|
|
|
eb29d7 |
BuildRequires: pylint
|
|
|
eb29d7 |
%endif
|
|
|
efcdb2 |
|
|
|
efcdb2 |
BuildRequires: python-nss
|
|
|
eb29d7 |
BuildRequires: python-requests
|
|
|
eb29d7 |
BuildRequires: libselinux-python
|
|
|
eb29d7 |
BuildRequires: policycoreutils-python
|
|
|
eb29d7 |
BuildRequires: python-ldap
|
|
|
f332ec |
BuildRequires: junit
|
|
|
f332ec |
BuildRequires: jpackage-utils >= 0:1.7.5-10
|
|
|
eb29d7 |
BuildRequires: jss >= 4.2.6-35
|
|
|
f332ec |
BuildRequires: systemd-units
|
|
|
f332ec |
|
|
|
efcdb2 |
%if 0%{?rhel}
|
|
|
efcdb2 |
BuildRequires: tomcatjss >= 7.1.0-6
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
BuildRequires: tomcatjss >= 7.1.2
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
|
|
|
f332ec |
|
|
|
efcdb2 |
# additional build requirements needed to build native 'tpsclient'
|
|
|
efcdb2 |
# REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app
|
|
|
efcdb2 |
BuildRequires: apr-devel
|
|
|
efcdb2 |
BuildRequires: apr-util-devel
|
|
|
efcdb2 |
BuildRequires: cyrus-sasl-devel
|
|
|
efcdb2 |
BuildRequires: httpd-devel >= 2.4.2
|
|
|
efcdb2 |
BuildRequires: pcre-devel
|
|
|
efcdb2 |
BuildRequires: python
|
|
|
efcdb2 |
BuildRequires: systemd
|
|
|
efcdb2 |
BuildRequires: svrcore-devel
|
|
|
efcdb2 |
BuildRequires: zlib
|
|
|
efcdb2 |
BuildRequires: zlib-devel
|
|
|
f332ec |
|
|
|
f332ec |
%if 0%{?rhel}
|
|
|
efcdb2 |
# NOTE: In the future, as a part of its path, this URL will contain a release
|
|
|
efcdb2 |
# directory which consists of the fixed number of the upstream release
|
|
|
efcdb2 |
# upon which this tarball was originally based.
|
|
|
efcdb2 |
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{version}/%{release}/rhel/%{name}-%{version}%{?prerel}.tar.gz
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{version}/%{release}/%{name}-%{version}%{?prerel}.tar.gz
|
|
|
f332ec |
%endif
|
|
|
f332ec |
|
|
|
efcdb2 |
Patch1: pki-core-rhel-7-2.patch
|
|
|
efcdb2 |
Patch2: pki-core-handle-JSON-decode-error.patch
|
|
|
efcdb2 |
Patch3: pki-core-fix-exception-when-talking-to-Dogtag-9-systems.patch
|
|
|
efcdb2 |
Patch4: pki-core-added-CLI-to-update-cert-data-and-request-in-CS-cfg.patch
|
|
|
efcdb2 |
Patch5: pki-core-fixed-pkidbuser-group-memberships.patch
|
|
|
efcdb2 |
Patch6: pki-core-added-support-for-secure-database-connection-in-CLI.patch
|
|
|
efcdb2 |
|
|
|
f332ec |
%global saveFileContext() \
|
|
|
f332ec |
if [ -s /etc/selinux/config ]; then \
|
|
|
f332ec |
. %{_sysconfdir}/selinux/config; \
|
|
|
f332ec |
FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
|
|
|
f332ec |
if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \
|
|
|
f332ec |
cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \
|
|
|
f332ec |
fi \
|
|
|
f332ec |
fi;
|
|
|
f332ec |
|
|
|
f332ec |
%global relabel() \
|
|
|
f332ec |
. %{_sysconfdir}/selinux/config; \
|
|
|
f332ec |
FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
|
|
|
f332ec |
selinuxenabled; \
|
|
|
f332ec |
if [ $? == 0 -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \
|
|
|
f332ec |
fixfiles -C ${FILE_CONTEXT}.%{name} restore; \
|
|
|
f332ec |
rm -f ${FILE_CONTEXT}.%name; \
|
|
|
f332ec |
fi;
|
|
|
f332ec |
|
|
|
f332ec |
%global overview \
|
|
|
f332ec |
================================== \
|
|
|
f332ec |
|| ABOUT "CERTIFICATE SYSTEM" || \
|
|
|
f332ec |
================================== \
|
|
|
f332ec |
\
|
|
|
f332ec |
Certificate System (CS) is an enterprise software system designed \
|
|
|
f332ec |
to manage enterprise Public Key Infrastructure (PKI) deployments. \
|
|
|
f332ec |
\
|
|
|
f332ec |
PKI Core contains ALL top-level java-based Tomcat PKI components: \
|
|
|
f332ec |
\
|
|
|
f332ec |
* pki-symkey \
|
|
|
f332ec |
* pki-base \
|
|
|
f332ec |
* pki-tools \
|
|
|
f332ec |
* pki-server \
|
|
|
f332ec |
* pki-ca \
|
|
|
eb29d7 |
* pki-kra \
|
|
|
eb29d7 |
* pki-ocsp \
|
|
|
eb29d7 |
* pki-tks \
|
|
|
efcdb2 |
* pki-tps \
|
|
|
f332ec |
* pki-javadoc \
|
|
|
f332ec |
\
|
|
|
f332ec |
which comprise the following corresponding PKI subsystems: \
|
|
|
f332ec |
\
|
|
|
f332ec |
* Certificate Authority (CA) \
|
|
|
eb29d7 |
* Data Recovery Manager (DRM) \
|
|
|
eb29d7 |
* Online Certificate Status Protocol (OCSP) Manager \
|
|
|
eb29d7 |
* Token Key Service (TKS) \
|
|
|
eb29d7 |
* Token Processing Service (TPS) \
|
|
|
f332ec |
\
|
|
|
f332ec |
For deployment purposes, PKI Core contains fundamental packages \
|
|
|
f332ec |
required by BOTH native-based Apache AND java-based Tomcat \
|
|
|
f332ec |
Certificate System instances consisting of the following components: \
|
|
|
f332ec |
\
|
|
|
f332ec |
* pki-tools \
|
|
|
f332ec |
\
|
|
|
f332ec |
Additionally, PKI Core contains the following fundamental packages \
|
|
|
f332ec |
required ONLY by ALL java-based Tomcat Certificate System instances: \
|
|
|
f332ec |
\
|
|
|
f332ec |
* pki-symkey \
|
|
|
f332ec |
* pki-base \
|
|
|
f332ec |
* pki-tools \
|
|
|
f332ec |
* pki-server \
|
|
|
f332ec |
\
|
|
|
f332ec |
PKI Core also includes the following components: \
|
|
|
f332ec |
\
|
|
|
f332ec |
* pki-javadoc \
|
|
|
f332ec |
\
|
|
|
f332ec |
Finally, if Certificate System is being deployed as an individual or \
|
|
|
f332ec |
set of standalone rather than embedded server(s)/service(s), it is \
|
|
|
f332ec |
strongly recommended (though not explicitly required) to include at \
|
|
|
f332ec |
least one PKI Theme package: \
|
|
|
f332ec |
\
|
|
|
f332ec |
* dogtag-pki-theme (Dogtag Certificate System deployments) \
|
|
|
f332ec |
* dogtag-pki-server-theme \
|
|
|
f332ec |
* redhat-pki-server-theme (Red Hat Certificate System deployments) \
|
|
|
f332ec |
* redhat-pki-server-theme \
|
|
|
f332ec |
* customized pki theme (Customized Certificate System deployments) \
|
|
|
f332ec |
* <customized>-pki-server-theme \
|
|
|
f332ec |
\
|
|
|
f332ec |
NOTE: As a convenience for standalone deployments, top-level meta \
|
|
|
f332ec |
packages may be provided which bind a particular theme to \
|
|
|
f332ec |
these certificate server packages. \
|
|
|
f332ec |
\
|
|
|
f332ec |
%{nil}
|
|
|
f332ec |
|
|
|
f332ec |
%description %{overview}
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
%package -n pki-symkey
|
|
|
f332ec |
Summary: Symmetric Key JNI Package
|
|
|
f332ec |
Group: System Environment/Libraries
|
|
|
f332ec |
|
|
|
efcdb2 |
Requires: java-headless >= 1:1.7.0
|
|
|
f332ec |
Requires: nss
|
|
|
f332ec |
Requires: jpackage-utils >= 0:1.7.5-10
|
|
|
eb29d7 |
Requires: jss >= 4.2.6-35
|
|
|
f332ec |
|
|
|
f332ec |
Provides: symkey = %{version}-%{release}
|
|
|
f332ec |
|
|
|
f332ec |
Obsoletes: symkey < %{version}-%{release}
|
|
|
f332ec |
|
|
|
f332ec |
%description -n pki-symkey
|
|
|
f332ec |
The Symmetric Key Java Native Interface (JNI) package supplies various native
|
|
|
f332ec |
symmetric key operations to Java programs.
|
|
|
f332ec |
|
|
|
f332ec |
This package is a part of the PKI Core used by the Certificate System.
|
|
|
f332ec |
|
|
|
f332ec |
%{overview}
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
%package -n pki-base
|
|
|
f332ec |
Summary: Certificate System - PKI Framework
|
|
|
f332ec |
Group: System Environment/Base
|
|
|
f332ec |
|
|
|
f332ec |
BuildArch: noarch
|
|
|
f332ec |
|
|
|
f332ec |
Provides: pki-common = %{version}-%{release}
|
|
|
f332ec |
Provides: pki-util = %{version}-%{release}
|
|
|
f332ec |
|
|
|
f332ec |
Obsoletes: pki-common < %{version}-%{release}
|
|
|
f332ec |
Obsoletes: pki-util < %{version}-%{release}
|
|
|
f332ec |
|
|
|
f332ec |
Conflicts: freeipa-server < 3.0.0
|
|
|
f332ec |
Requires: apache-commons-cli
|
|
|
f332ec |
Requires: apache-commons-codec
|
|
|
f332ec |
Requires: apache-commons-io
|
|
|
f332ec |
Requires: apache-commons-lang
|
|
|
f332ec |
Requires: apache-commons-logging
|
|
|
eb29d7 |
Requires: jakarta-commons-httpclient
|
|
|
efcdb2 |
Requires: java-headless >= 1:1.7.0
|
|
|
f332ec |
Requires: javassist
|
|
|
f332ec |
Requires: jpackage-utils >= 0:1.7.5-10
|
|
|
eb29d7 |
Requires: jss >= 4.2.6-35
|
|
|
f332ec |
Requires: ldapjdk
|
|
|
f332ec |
Requires: python-ldap
|
|
|
f332ec |
Requires: python-lxml
|
|
|
f332ec |
Requires: python-requests >= 1.1.0-3
|
|
|
efcdb2 |
|
|
|
eb29d7 |
%if 0%{?rhel}
|
|
|
efcdb2 |
# 'resteasy-base' is a subset of the complete set of
|
|
|
efcdb2 |
# 'resteasy' packages and consists of what is needed to
|
|
|
efcdb2 |
# support the PKI Restful interface on RHEL platforms
|
|
|
eb29d7 |
Requires: resteasy-base-atom-provider >= 3.0.6-1
|
|
|
efcdb2 |
Requires: resteasy-base-client >= 3.0.6-1
|
|
|
eb29d7 |
Requires: resteasy-base-jaxb-provider >= 3.0.6-1
|
|
|
eb29d7 |
Requires: resteasy-base-jaxrs >= 3.0.6-1
|
|
|
eb29d7 |
Requires: resteasy-base-jaxrs-api >= 3.0.6-1
|
|
|
efcdb2 |
Requires: resteasy-base-jackson-provider >= 3.0.6-1
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
%if 0%{?fedora} >= 22
|
|
|
efcdb2 |
# Starting from Fedora 22, resteasy packages were split into
|
|
|
efcdb2 |
# subpackages.
|
|
|
efcdb2 |
Requires: resteasy-atom-provider >= 3.0.6-7
|
|
|
efcdb2 |
Requires: resteasy-client >= 3.0.6-7
|
|
|
efcdb2 |
Requires: resteasy-jaxb-provider >= 3.0.6-7
|
|
|
efcdb2 |
Requires: resteasy-core >= 3.0.6-7
|
|
|
efcdb2 |
Requires: resteasy-jaxrs-api >= 3.0.6-7
|
|
|
efcdb2 |
Requires: resteasy-jackson-provider >= 3.0.6-7
|
|
|
f332ec |
%else
|
|
|
efcdb2 |
Requires: resteasy >= 3.0.6-2
|
|
|
f332ec |
%endif
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
|
|
|
f332ec |
Requires: xalan-j2
|
|
|
f332ec |
Requires: xerces-j2
|
|
|
f332ec |
Requires: xml-commons-apis
|
|
|
f332ec |
Requires: xml-commons-resolver
|
|
|
f332ec |
|
|
|
f332ec |
%description -n pki-base
|
|
|
f332ec |
The PKI Framework contains the common and client libraries and utilities.
|
|
|
f332ec |
This package is a part of the PKI Core used by the Certificate System.
|
|
|
f332ec |
|
|
|
f332ec |
%{overview}
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
%package -n pki-tools
|
|
|
f332ec |
Summary: Certificate System - PKI Tools
|
|
|
f332ec |
Group: System Environment/Base
|
|
|
f332ec |
|
|
|
f332ec |
Provides: pki-native-tools = %{version}-%{release}
|
|
|
f332ec |
Provides: pki-java-tools = %{version}-%{release}
|
|
|
f332ec |
|
|
|
f332ec |
Obsoletes: pki-native-tools < %{version}-%{release}
|
|
|
f332ec |
Obsoletes: pki-java-tools < %{version}-%{release}
|
|
|
f332ec |
|
|
|
f332ec |
Requires: openldap-clients
|
|
|
f332ec |
Requires: nss
|
|
|
f332ec |
Requires: nss-tools
|
|
|
efcdb2 |
Requires: java-headless >= 1:1.7.0
|
|
|
f332ec |
Requires: pki-base = %{version}-%{release}
|
|
|
f332ec |
Requires: jpackage-utils >= 0:1.7.5-10
|
|
|
f332ec |
|
|
|
f332ec |
%description -n pki-tools
|
|
|
f332ec |
This package contains PKI executables that can be used to help make
|
|
|
f332ec |
Certificate System into a more complete and robust PKI solution.
|
|
|
f332ec |
|
|
|
f332ec |
This package is a part of the PKI Core used by the Certificate System.
|
|
|
f332ec |
|
|
|
f332ec |
%{overview}
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
efcdb2 |
%if %{with server}
|
|
|
efcdb2 |
|
|
|
f332ec |
%package -n pki-server
|
|
|
f332ec |
Summary: Certificate System - PKI Server Framework
|
|
|
f332ec |
Group: System Environment/Base
|
|
|
f332ec |
|
|
|
f332ec |
BuildArch: noarch
|
|
|
f332ec |
|
|
|
f332ec |
Provides: pki-deploy = %{version}-%{release}
|
|
|
f332ec |
Provides: pki-setup = %{version}-%{release}
|
|
|
f332ec |
Provides: pki-silent = %{version}-%{release}
|
|
|
f332ec |
|
|
|
f332ec |
Obsoletes: pki-deploy < %{version}-%{release}
|
|
|
f332ec |
Obsoletes: pki-setup < %{version}-%{release}
|
|
|
f332ec |
Obsoletes: pki-silent < %{version}-%{release}
|
|
|
f332ec |
|
|
|
efcdb2 |
Requires: java-headless >= 1:1.7.0
|
|
|
f332ec |
Requires: net-tools
|
|
|
efcdb2 |
|
|
|
efcdb2 |
%if 0%{?rhel}
|
|
|
efcdb2 |
Requires: nuxwdog-client-java >= 1.0.1-11
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
Requires: nuxwdog-client-java >= 1.0.3
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
|
|
|
f332ec |
Requires: perl(File::Slurp)
|
|
|
f332ec |
Requires: policycoreutils
|
|
|
f332ec |
Requires: openldap-clients
|
|
|
f332ec |
Requires: pki-base = %{version}-%{release}
|
|
|
f332ec |
Requires: pki-tools = %{version}-%{release}
|
|
|
eb29d7 |
Requires: policycoreutils-python
|
|
|
f332ec |
|
|
|
efcdb2 |
%if 0%{?fedora} >= 21
|
|
|
efcdb2 |
Requires: selinux-policy-targeted >= 3.13.1-9
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
# 0%{?rhel} || 0%{?fedora} < 21
|
|
|
efcdb2 |
Requires: selinux-policy-targeted >= 3.12.1-153
|
|
|
efcdb2 |
%endif
|
|
|
f332ec |
Obsoletes: pki-selinux
|
|
|
eb29d7 |
|
|
|
eb29d7 |
%if 0%{?rhel}
|
|
|
eb29d7 |
Requires: tomcat >= 7.0.54
|
|
|
eb29d7 |
%else
|
|
|
eb29d7 |
Requires: tomcat >= 7.0.47
|
|
|
efcdb2 |
%if 0%{?fedora} >= 23
|
|
|
efcdb2 |
Requires: tomcat-el-3.0-api
|
|
|
efcdb2 |
Requires: tomcat-jsp-2.3-api
|
|
|
efcdb2 |
Requires: tomcat-servlet-3.1-api
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
Requires: tomcat-el-2.2-api
|
|
|
efcdb2 |
Requires: tomcat-jsp-2.2-api
|
|
|
efcdb2 |
Requires: tomcat-servlet-3.0-api
|
|
|
efcdb2 |
%endif
|
|
|
f332ec |
%endif
|
|
|
f332ec |
|
|
|
f332ec |
Requires: velocity
|
|
|
f332ec |
Requires(post): systemd-units
|
|
|
f332ec |
Requires(preun): systemd-units
|
|
|
f332ec |
Requires(postun): systemd-units
|
|
|
efcdb2 |
Requires(pre): shadow-utils
|
|
|
eb29d7 |
|
|
|
efcdb2 |
%if 0%{?rhel}
|
|
|
efcdb2 |
Requires: tomcatjss >= 7.1.0-6
|
|
|
efcdb2 |
%else
|
|
|
efcdb2 |
Requires: tomcatjss >= 7.1.2
|
|
|
efcdb2 |
%endif
|
|
|
f332ec |
|
|
|
f332ec |
%description -n pki-server
|
|
|
f332ec |
The PKI Server Framework is required by the following four PKI subsystems:
|
|
|
f332ec |
|
|
|
f332ec |
the Certificate Authority (CA),
|
|
|
f332ec |
the Data Recovery Manager (DRM),
|
|
|
eb29d7 |
the Online Certificate Status Protocol (OCSP) Manager,
|
|
|
eb29d7 |
the Token Key Service (TKS), and
|
|
|
eb29d7 |
the Token Processing Service (TPS).
|
|
|
f332ec |
|
|
|
f332ec |
This package is a part of the PKI Core used by the Certificate System.
|
|
|
f332ec |
The package contains scripts to create and remove PKI subsystems.
|
|
|
f332ec |
|
|
|
f332ec |
%{overview}
|
|
|
f332ec |
|
|
|
f332ec |
%package -n pki-ca
|
|
|
f332ec |
Summary: Certificate System - Certificate Authority
|
|
|
f332ec |
Group: System Environment/Daemons
|
|
|
f332ec |
|
|
|
f332ec |
BuildArch: noarch
|
|
|
f332ec |
|
|
|
efcdb2 |
Requires: java-headless >= 1:1.7.0
|
|
|
f332ec |
Requires: pki-server = %{version}-%{release}
|
|
|
f332ec |
Requires(post): systemd-units
|
|
|
f332ec |
Requires(preun): systemd-units
|
|
|
f332ec |
Requires(postun): systemd-units
|
|
|
f332ec |
|
|
|
f332ec |
%description -n pki-ca
|
|
|
f332ec |
The Certificate Authority (CA) is a required PKI subsystem which issues,
|
|
|
f332ec |
renews, revokes, and publishes certificates as well as compiling and
|
|
|
f332ec |
publishing Certificate Revocation Lists (CRLs).
|
|
|
f332ec |
|
|
|
f332ec |
The Certificate Authority can be configured as a self-signing Certificate
|
|
|
f332ec |
Authority, where it is the root CA, or it can act as a subordinate CA,
|
|
|
f332ec |
where it obtains its own signing certificate from a public CA.
|
|
|
f332ec |
|
|
|
f332ec |
This package is one of the top-level java-based Tomcat PKI subsystems
|
|
|
f332ec |
provided by the PKI Core used by the Certificate System.
|
|
|
f332ec |
|
|
|
f332ec |
%{overview}
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
%package -n pki-kra
|
|
|
f332ec |
Summary: Certificate System - Data Recovery Manager
|
|
|
f332ec |
Group: System Environment/Daemons
|
|
|
f332ec |
|
|
|
f332ec |
BuildArch: noarch
|
|
|
f332ec |
|
|
|
efcdb2 |
Requires: java-headless >= 1:1.7.0
|
|
|
f332ec |
Requires: pki-server = %{version}-%{release}
|
|
|
f332ec |
Requires(post): systemd-units
|
|
|
f332ec |
Requires(preun): systemd-units
|
|
|
f332ec |
Requires(postun): systemd-units
|
|
|
f332ec |
|
|
|
f332ec |
%description -n pki-kra
|
|
|
f332ec |
The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
|
|
|
f332ec |
as a Key Recovery Authority (KRA). When configured in conjunction with the
|
|
|
f332ec |
Certificate Authority (CA), the DRM stores private encryption keys as part of
|
|
|
f332ec |
the certificate enrollment process. The key archival mechanism is triggered
|
|
|
f332ec |
when a user enrolls in the PKI and creates the certificate request. Using the
|
|
|
f332ec |
Certificate Request Message Format (CRMF) request format, a request is
|
|
|
f332ec |
generated for the user's private encryption key. This key is then stored in
|
|
|
f332ec |
the DRM which is configured to store keys in an encrypted format that can only
|
|
|
f332ec |
be decrypted by several agents requesting the key at one time, providing for
|
|
|
f332ec |
protection of the public encryption keys for the users in the PKI deployment.
|
|
|
f332ec |
|
|
|
f332ec |
Note that the DRM archives encryption keys; it does NOT archive signing keys,
|
|
|
f332ec |
since such archival would undermine non-repudiation properties of signing keys.
|
|
|
f332ec |
|
|
|
f332ec |
This package is one of the top-level java-based Tomcat PKI subsystems
|
|
|
f332ec |
provided by the PKI Core used by the Certificate System.
|
|
|
f332ec |
|
|
|
f332ec |
%{overview}
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
%package -n pki-ocsp
|
|
|
f332ec |
Summary: Certificate System - Online Certificate Status Protocol Manager
|
|
|
f332ec |
Group: System Environment/Daemons
|
|
|
f332ec |
|
|
|
f332ec |
BuildArch: noarch
|
|
|
f332ec |
|
|
|
efcdb2 |
Requires: java-headless >= 1:1.7.0
|
|
|
f332ec |
Requires: pki-server = %{version}-%{release}
|
|
|
f332ec |
Requires(post): systemd-units
|
|
|
f332ec |
Requires(preun): systemd-units
|
|
|
f332ec |
Requires(postun): systemd-units
|
|
|
f332ec |
|
|
|
f332ec |
%description -n pki-ocsp
|
|
|
f332ec |
The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
|
|
|
f332ec |
subsystem that can act as a stand-alone OCSP service. The OCSP Manager
|
|
|
f332ec |
performs the task of an online certificate validation authority by enabling
|
|
|
f332ec |
OCSP-compliant clients to do real-time verification of certificates. Note
|
|
|
f332ec |
that an online certificate-validation authority is often referred to as an
|
|
|
f332ec |
OCSP Responder.
|
|
|
f332ec |
|
|
|
f332ec |
Although the Certificate Authority (CA) is already configured with an
|
|
|
f332ec |
internal OCSP service. An external OCSP Responder is offered as a separate
|
|
|
f332ec |
subsystem in case the user wants the OCSP service provided outside of a
|
|
|
f332ec |
firewall while the CA resides inside of a firewall, or to take the load of
|
|
|
f332ec |
requests off of the CA.
|
|
|
f332ec |
|
|
|
f332ec |
The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
|
|
|
f332ec |
multiple CA servers, and clients can query the OCSP Manager for the
|
|
|
f332ec |
revocation status of certificates issued by all of these CA servers.
|
|
|
f332ec |
|
|
|
f332ec |
When an instance of OCSP Manager is set up with an instance of CA, and
|
|
|
f332ec |
publishing is set up to this OCSP Manager, CRLs are published to it
|
|
|
f332ec |
whenever they are issued or updated.
|
|
|
f332ec |
|
|
|
f332ec |
This package is one of the top-level java-based Tomcat PKI subsystems
|
|
|
f332ec |
provided by the PKI Core used by the Certificate System.
|
|
|
f332ec |
|
|
|
f332ec |
%{overview}
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
%package -n pki-tks
|
|
|
f332ec |
Summary: Certificate System - Token Key Service
|
|
|
f332ec |
Group: System Environment/Daemons
|
|
|
f332ec |
|
|
|
f332ec |
BuildArch: noarch
|
|
|
f332ec |
|
|
|
efcdb2 |
Requires: java-headless >= 1:1.7.0
|
|
|
f332ec |
Requires: pki-server = %{version}-%{release}
|
|
|
eb29d7 |
Requires: pki-symkey = %{version}-%{release}
|
|
|
f332ec |
Requires(post): systemd-units
|
|
|
f332ec |
Requires(preun): systemd-units
|
|
|
f332ec |
Requires(postun): systemd-units
|
|
|
f332ec |
|
|
|
f332ec |
%description -n pki-tks
|
|
|
f332ec |
The Token Key Service (TKS) is an optional PKI subsystem that manages the
|
|
|
f332ec |
master key(s) and the transport key(s) required to generate and distribute
|
|
|
f332ec |
keys for hardware tokens. TKS provides the security between tokens and an
|
|
|
f332ec |
instance of Token Processing System (TPS), where the security relies upon the
|
|
|
f332ec |
relationship between the master key and the token keys. A TPS communicates
|
|
|
f332ec |
with a TKS over SSL using client authentication.
|
|
|
f332ec |
|
|
|
f332ec |
TKS helps establish a secure channel (signed and encrypted) between the token
|
|
|
f332ec |
and the TPS, provides proof of presence of the security token during
|
|
|
f332ec |
enrollment, and supports key changeover when the master key changes on the
|
|
|
f332ec |
TKS. Tokens with older keys will get new token keys.
|
|
|
f332ec |
|
|
|
f332ec |
Because of the sensitivity of the data that TKS manages, TKS should be set up
|
|
|
f332ec |
behind the firewall with restricted access.
|
|
|
f332ec |
|
|
|
f332ec |
This package is one of the top-level java-based Tomcat PKI subsystems
|
|
|
f332ec |
provided by the PKI Core used by the Certificate System.
|
|
|
f332ec |
|
|
|
f332ec |
%{overview}
|
|
|
eb29d7 |
|
|
|
eb29d7 |
|
|
|
efcdb2 |
%package -n pki-tps
|
|
|
eb29d7 |
Summary: Certificate System - Token Processing Service
|
|
|
eb29d7 |
Group: System Environment/Daemons
|
|
|
eb29d7 |
|
|
|
efcdb2 |
Provides: pki-tps-tomcat
|
|
|
efcdb2 |
Provides: pki-tps-client
|
|
|
efcdb2 |
|
|
|
efcdb2 |
Obsoletes: pki-tps-tomcat
|
|
|
efcdb2 |
Obsoletes: pki-tps-client
|
|
|
eb29d7 |
|
|
|
efcdb2 |
Requires: java-headless >= 1:1.7.0
|
|
|
eb29d7 |
Requires: pki-server = %{version}-%{release}
|
|
|
eb29d7 |
Requires(post): systemd-units
|
|
|
eb29d7 |
Requires(preun): systemd-units
|
|
|
eb29d7 |
Requires(postun): systemd-units
|
|
|
eb29d7 |
|
|
|
efcdb2 |
# additional runtime requirements needed to run native 'tpsclient'
|
|
|
efcdb2 |
# REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app
|
|
|
efcdb2 |
Requires: mod_nss
|
|
|
efcdb2 |
Requires: mod_revocator
|
|
|
efcdb2 |
Requires: nss >= 3.14.3
|
|
|
efcdb2 |
Requires: nss-tools >= 3.14.3
|
|
|
efcdb2 |
Requires: openldap-clients
|
|
|
efcdb2 |
Requires: pki-symkey = %{version}-%{release}
|
|
|
efcdb2 |
|
|
|
efcdb2 |
%description -n pki-tps
|
|
|
eb29d7 |
The Token Processing System (TPS) is an optional PKI subsystem that acts
|
|
|
eb29d7 |
as a Registration Authority (RA) for authenticating and processing
|
|
|
eb29d7 |
enrollment requests, PIN reset requests, and formatting requests from
|
|
|
eb29d7 |
the Enterprise Security Client (ESC).
|
|
|
eb29d7 |
|
|
|
eb29d7 |
TPS is designed to communicate with tokens that conform to
|
|
|
eb29d7 |
Global Platform's Open Platform Specification.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
TPS communicates over SSL with various PKI backend subsystems (including
|
|
|
eb29d7 |
the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
|
|
|
eb29d7 |
Token Key Service (TKS)) to fulfill the user's requests.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
TPS also interacts with the token database, an LDAP server that stores
|
|
|
eb29d7 |
information about individual tokens.
|
|
|
eb29d7 |
|
|
|
efcdb2 |
The utility "tpsclient" is a test tool that interacts with TPS. This
|
|
|
efcdb2 |
tool is useful to test TPS server configs without risking an actual
|
|
|
efcdb2 |
smart card.
|
|
|
efcdb2 |
|
|
|
eb29d7 |
%{overview}
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
%package -n pki-javadoc
|
|
|
f332ec |
Summary: Certificate System - PKI Framework Javadocs
|
|
|
f332ec |
Group: Documentation
|
|
|
f332ec |
|
|
|
f332ec |
BuildArch: noarch
|
|
|
f332ec |
|
|
|
f332ec |
Provides: pki-util-javadoc = %{version}-%{release}
|
|
|
f332ec |
Provides: pki-java-tools-javadoc = %{version}-%{release}
|
|
|
f332ec |
Provides: pki-common-javadoc = %{version}-%{release}
|
|
|
f332ec |
|
|
|
f332ec |
Obsoletes: pki-util-javadoc < %{version}-%{release}
|
|
|
f332ec |
Obsoletes: pki-java-tools-javadoc < %{version}-%{release}
|
|
|
f332ec |
Obsoletes: pki-common-javadoc < %{version}-%{release}
|
|
|
f332ec |
|
|
|
f332ec |
%description -n pki-javadoc
|
|
|
f332ec |
This documentation pertains exclusively to version %{version} of
|
|
|
f332ec |
the PKI Framework and Tools.
|
|
|
f332ec |
|
|
|
f332ec |
This package is a part of the PKI Core used by the Certificate System.
|
|
|
f332ec |
|
|
|
f332ec |
%{overview}
|
|
|
f332ec |
|
|
|
efcdb2 |
%endif # %{with server}
|
|
|
efcdb2 |
|
|
|
f332ec |
|
|
|
f332ec |
%prep
|
|
|
f332ec |
%setup -q -n %{name}-%{version}%{?prerel}
|
|
|
f332ec |
%patch1 -p1
|
|
|
f332ec |
%patch2 -p1
|
|
|
f332ec |
%patch3 -p1
|
|
|
f332ec |
%patch4 -p1
|
|
|
f332ec |
%patch5 -p1
|
|
|
f332ec |
%patch6 -p1
|
|
|
f332ec |
|
|
|
f332ec |
%clean
|
|
|
f332ec |
%{__rm} -rf %{buildroot}
|
|
|
f332ec |
|
|
|
f332ec |
%build
|
|
|
f332ec |
%{__mkdir_p} build
|
|
|
f332ec |
cd build
|
|
|
f332ec |
%cmake -DVERSION=%{version}-%{release} \
|
|
|
f332ec |
-DVAR_INSTALL_DIR:PATH=/var \
|
|
|
f332ec |
-DBUILD_PKI_CORE:BOOL=ON \
|
|
|
f332ec |
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
|
|
|
f332ec |
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
|
|
|
efcdb2 |
%if ! %{with_tomcat7}
|
|
|
efcdb2 |
-DWITH_TOMCAT7:BOOL=OFF \
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
%if ! %{with_tomcat8}
|
|
|
efcdb2 |
-DWITH_TOMCAT8:BOOL=OFF \
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
-DRESTEASY_LIB=%{resteasy_lib} \
|
|
|
efcdb2 |
%if ! %{with server}
|
|
|
efcdb2 |
-DWITH_SERVER:BOOL=OFF \
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
%if ! %{with server}
|
|
|
efcdb2 |
-DWITH_SERVER:BOOL=OFF \
|
|
|
efcdb2 |
%endif
|
|
|
efcdb2 |
%if ! %{with javadoc}
|
|
|
efcdb2 |
-DWITH_JAVADOC:BOOL=OFF \
|
|
|
f332ec |
%endif
|
|
|
f332ec |
..
|
|
|
f332ec |
%{__make} VERBOSE=1 %{?_smp_mflags} all
|
|
|
efcdb2 |
# %{__make} VERBOSE=1 %{?_smp_mflags} unit-test
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
%install
|
|
|
f332ec |
%{__rm} -rf %{buildroot}
|
|
|
f332ec |
cd build
|
|
|
f332ec |
%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
|
|
|
f332ec |
|
|
|
efcdb2 |
# Create symlinks for admin console (TPS does not use admin console)
|
|
|
efcdb2 |
for subsystem in ca kra ocsp tks; do
|
|
|
efcdb2 |
%{__mkdir_p} %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/admin
|
|
|
efcdb2 |
ln -s %{_datadir}/pki/server/webapps/pki/admin/console %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/admin
|
|
|
efcdb2 |
done
|
|
|
efcdb2 |
|
|
|
efcdb2 |
# Create symlinks for subsystem libraries
|
|
|
efcdb2 |
for subsystem in ca kra ocsp tks tps; do
|
|
|
efcdb2 |
%{__mkdir_p} %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/WEB-INF/lib
|
|
|
efcdb2 |
ln -s %{_javadir}/pki/pki-nsutil.jar %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/WEB-INF/lib
|
|
|
efcdb2 |
ln -s %{_javadir}/pki/pki-cmsutil.jar %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/WEB-INF/lib
|
|
|
efcdb2 |
ln -s %{_javadir}/pki/pki-certsrv.jar %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/WEB-INF/lib
|
|
|
efcdb2 |
ln -s %{_javadir}/pki/pki-cms.jar %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/WEB-INF/lib
|
|
|
efcdb2 |
ln -s %{_javadir}/pki/pki-cmscore.jar %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/WEB-INF/lib
|
|
|
efcdb2 |
ln -s %{_javadir}/pki/pki-cmsbundle.jar %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/WEB-INF/lib
|
|
|
efcdb2 |
ln -s %{_javadir}/pki/pki-$subsystem.jar %{buildroot}%{_datadir}/pki/$subsystem/webapps/$subsystem/WEB-INF/lib
|
|
|
efcdb2 |
done
|
|
|
efcdb2 |
|
|
|
efcdb2 |
%if %{with server}
|
|
|
efcdb2 |
|
|
|
f332ec |
%if ! 0%{?rhel}
|
|
|
efcdb2 |
# Scanning the python code with pylint.
|
|
|
eb29d7 |
sh ../pylint-build-scan.sh %{buildroot} `pwd`
|
|
|
efcdb2 |
if [ $? -ne 0 ]; then
|
|
|
efcdb2 |
echo "pylint failed. RC: $?"
|
|
|
eb29d7 |
exit 1
|
|
|
eb29d7 |
fi
|
|
|
f332ec |
%endif
|
|
|
f332ec |
|
|
|
f332ec |
%{__rm} -rf %{buildroot}%{_datadir}/pki/server/lib
|
|
|
f332ec |
|
|
|
efcdb2 |
%endif # %{with server}
|
|
|
efcdb2 |
|
|
|
f332ec |
%{__mkdir_p} %{buildroot}%{_localstatedir}/log/pki
|
|
|
f332ec |
%{__mkdir_p} %{buildroot}%{_sharedstatedir}/pki
|
|
|
f332ec |
|
|
|
eb29d7 |
%if ! 0%{?rhel}
|
|
|
f332ec |
%pretrans -n pki-base -p <lua>
|
|
|
f332ec |
function test(a)
|
|
|
f332ec |
if posix.stat(a) then
|
|
|
f332ec |
for f in posix.files(a) do
|
|
|
f332ec |
if f~=".." and f~="." then
|
|
|
f332ec |
return true
|
|
|
f332ec |
end
|
|
|
f332ec |
end
|
|
|
f332ec |
end
|
|
|
f332ec |
return false
|
|
|
f332ec |
end
|
|
|
f332ec |
|
|
|
f332ec |
if (test("/etc/sysconfig/pki/ca") or
|
|
|
f332ec |
test("/etc/sysconfig/pki/kra") or
|
|
|
f332ec |
test("/etc/sysconfig/pki/ocsp") or
|
|
|
f332ec |
test("/etc/sysconfig/pki/tks")) then
|
|
|
eb29d7 |
msg = "Unable to upgrade to Fedora 20. There are Dogtag 9 instances\n" ..
|
|
|
f332ec |
"that will no longer work since they require Tomcat 6, and \n" ..
|
|
|
eb29d7 |
"Tomcat 6 is no longer available in Fedora 20.\n\n" ..
|
|
|
f332ec |
"Please follow these instructions to migrate the instances to \n" ..
|
|
|
f332ec |
"Dogtag 10:\n\n" ..
|
|
|
f332ec |
"http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag_10"
|
|
|
f332ec |
error(msg)
|
|
|
f332ec |
end
|
|
|
f332ec |
%endif
|
|
|
f332ec |
|
|
|
efcdb2 |
%pre -n pki-server
|
|
|
efcdb2 |
getent group %{pki_groupname} >/dev/null || groupadd -f -g %{pki_gid} -r %{pki_groupname}
|
|
|
efcdb2 |
if ! getent passwd %{pki_username} >/dev/null ; then
|
|
|
efcdb2 |
if ! getent passwd %{pki_uid} >/dev/null ; then
|
|
|
efcdb2 |
useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username}
|
|
|
efcdb2 |
else
|
|
|
efcdb2 |
useradd -r -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username}
|
|
|
efcdb2 |
fi
|
|
|
efcdb2 |
fi
|
|
|
efcdb2 |
exit 0
|
|
|
efcdb2 |
|
|
|
f332ec |
%post -n pki-base
|
|
|
f332ec |
|
|
|
f332ec |
if [ $1 -eq 1 ]
|
|
|
f332ec |
then
|
|
|
f332ec |
# On RPM installation create system upgrade tracker
|
|
|
f332ec |
echo "Configuration-Version: %{version}" > %{_sysconfdir}/pki/pki.version
|
|
|
f332ec |
|
|
|
f332ec |
else
|
|
|
f332ec |
# On RPM upgrade run system upgrade
|
|
|
f332ec |
echo "Upgrading system at `/bin/date`." >> /var/log/pki/pki-upgrade-%{version}.log 2>&1
|
|
|
f332ec |
/sbin/pki-upgrade --silent >> /var/log/pki/pki-upgrade-%{version}.log 2>&1
|
|
|
f332ec |
echo >> /var/log/pki/pki-upgrade-%{version}.log 2>&1
|
|
|
f332ec |
fi
|
|
|
f332ec |
|
|
|
f332ec |
%postun -n pki-base
|
|
|
f332ec |
|
|
|
f332ec |
if [ $1 -eq 0 ]
|
|
|
f332ec |
then
|
|
|
f332ec |
# On RPM uninstallation remove system upgrade tracker
|
|
|
f332ec |
rm -f %{_sysconfdir}/pki/pki.version
|
|
|
f332ec |
fi
|
|
|
f332ec |
|
|
|
efcdb2 |
%if %{with server}
|
|
|
f332ec |
|
|
|
f332ec |
%post -n pki-server
|
|
|
f332ec |
## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem
|
|
|
f332ec |
## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
|
|
|
f332ec |
## PKI deployment process
|
|
|
f332ec |
|
|
|
f332ec |
echo "Upgrading server at `/bin/date`." >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1
|
|
|
f332ec |
/sbin/pki-server-upgrade --silent >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1
|
|
|
f332ec |
echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1
|
|
|
f332ec |
|
|
|
efcdb2 |
systemctl daemon-reload
|
|
|
f332ec |
|
|
|
f332ec |
## %preun -n pki-server
|
|
|
f332ec |
## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem
|
|
|
f332ec |
## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
|
|
|
f332ec |
## PKI deployment process
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
## %postun -n pki-server
|
|
|
f332ec |
## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem
|
|
|
f332ec |
## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
|
|
|
f332ec |
## PKI deployment process
|
|
|
f332ec |
|
|
|
efcdb2 |
%endif # %{with server}
|
|
|
efcdb2 |
|
|
|
efcdb2 |
|
|
|
f332ec |
%files -n pki-symkey
|
|
|
f332ec |
%defattr(-,root,root,-)
|
|
|
f332ec |
%doc base/symkey/LICENSE
|
|
|
f332ec |
%{_jnidir}/symkey.jar
|
|
|
f332ec |
%{_libdir}/symkey/
|
|
|
f332ec |
|
|
|
f332ec |
|
|
|
f332ec |
%files -n pki-base
|
|
|
f332ec |
%defattr(-,root,root,-)
|
|
|
f332ec |
%doc base/common/LICENSE
|
|
|
efcdb2 |
%doc %{_datadir}/doc/pki-base/html
|
|
|
f332ec |
%dir %{_datadir}/pki
|
|
|
f332ec |
%{_datadir}/pki/VERSION
|
|
|
f332ec |
%{_datadir}/pki/etc/
|
|
|
f332ec |
%{_datadir}/pki/upgrade/
|
|
|
efcdb2 |
%{_datadir}/pki/key/templates
|
|
|
f332ec |
%dir %{_sysconfdir}/pki
|
|
|
f332ec |
%config(noreplace) %{_sysconfdir}/pki/pki.conf
|
|
|
f332ec |
%dir %{_javadir}/pki
|
|
|
f332ec |
%{_javadir}/pki/pki-cmsutil.jar
|
|
|
f332ec |
%{_javadir}/pki/pki-nsutil.jar
|
|
|
f332ec |
%{_javadir}/pki/pki-certsrv.jar
|
|
|
f332ec |
%dir %{python_sitelib}/pki
|
|
|
f332ec |
%{python_sitelib}/pki/*.py
|
|
|
f332ec |
%{python_sitelib}/pki/*.pyc
|
|
|
f332ec |
%{python_sitelib}/pki/*.pyo
|
|
|
f332ec |
%dir %{_localstatedir}/log/pki
|
|
|
f332ec |
%{_sbindir}/pki-upgrade
|
|
|
f332ec |
%{_mandir}/man8/pki-upgrade.8.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-python-client.1.gz
|
|
|
f332ec |
|
|
|
f332ec |
%files -n pki-tools
|
|
|
f332ec |
%defattr(-,root,root,-)
|
|
|
f332ec |
%doc base/native-tools/LICENSE base/native-tools/doc/README
|
|
|
f332ec |
%{_bindir}/pki
|
|
|
f332ec |
%{_bindir}/p7tool
|
|
|
f332ec |
%{_bindir}/revoker
|
|
|
f332ec |
%{_bindir}/setpin
|
|
|
f332ec |
%{_bindir}/sslget
|
|
|
f332ec |
%{_bindir}/tkstool
|
|
|
f332ec |
%{_datadir}/pki/native-tools/
|
|
|
f332ec |
%{_bindir}/AtoB
|
|
|
f332ec |
%{_bindir}/AuditVerify
|
|
|
f332ec |
%{_bindir}/BtoA
|
|
|
f332ec |
%{_bindir}/CMCEnroll
|
|
|
f332ec |
%{_bindir}/CMCRequest
|
|
|
f332ec |
%{_bindir}/CMCResponse
|
|
|
f332ec |
%{_bindir}/CMCRevoke
|
|
|
f332ec |
%{_bindir}/CRMFPopClient
|
|
|
f332ec |
%{_bindir}/DRMTool
|
|
|
f332ec |
%{_bindir}/ExtJoiner
|
|
|
f332ec |
%{_bindir}/GenExtKeyUsage
|
|
|
f332ec |
%{_bindir}/GenIssuerAltNameExt
|
|
|
f332ec |
%{_bindir}/GenSubjectAltNameExt
|
|
|
f332ec |
%{_bindir}/HttpClient
|
|
|
f332ec |
%{_bindir}/OCSPClient
|
|
|
f332ec |
%{_bindir}/PKCS10Client
|
|
|
f332ec |
%{_bindir}/PKCS12Export
|
|
|
f332ec |
%{_bindir}/PrettyPrintCert
|
|
|
f332ec |
%{_bindir}/PrettyPrintCrl
|
|
|
f332ec |
%{_bindir}/TokenInfo
|
|
|
f332ec |
%{_javadir}/pki/pki-tools.jar
|
|
|
f332ec |
%{_datadir}/pki/java-tools/
|
|
|
f332ec |
%{_mandir}/man1/pki.1.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-cert.1.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-client.1.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-group.1.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-group-member.1.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-key.1.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-securitydomain.1.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-user.1.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-user-cert.1.gz
|
|
|
efcdb2 |
%{_mandir}/man1/pki-ca-profile.1.gz
|
|
|
efcdb2 |
|
|
|
f332ec |
|
|
|
efcdb2 |
%if %{with server}
|
|
|
f332ec |
|
|
|
f332ec |
%files -n pki-server
|
|
|
f332ec |
%defattr(-,root,root,-)
|
|
|
f332ec |
%doc base/common/THIRD_PARTY_LICENSES
|
|
|
f332ec |
%doc base/server/LICENSE
|
|
|
efcdb2 |
%doc base/server/README
|
|
|
f332ec |
%{_sysconfdir}/pki/default.cfg
|
|
|
f332ec |
%{_sbindir}/pkispawn
|
|
|
f332ec |
%{_sbindir}/pkidestroy
|
|
|
efcdb2 |
%{_sbindir}/pki-server
|
|
|
efcdb2 |
%{_sbindir}/pki-server-nuxwdog
|
|
|
f332ec |
%{_sbindir}/pki-server-upgrade
|
|
|
f332ec |
#%{_bindir}/pki-setup-proxy
|
|
|
f332ec |
%{python_sitelib}/pki/server/
|
|
|
f332ec |
%dir %{_datadir}/pki/deployment
|
|
|
f332ec |
%{_datadir}/pki/deployment/config/
|
|
|
f332ec |
%dir %{_datadir}/pki/scripts
|
|
|
f332ec |
%{_datadir}/pki/scripts/operations
|
|
|
f332ec |
%{_datadir}/pki/scripts/pkicommon.pm
|
|
|
f332ec |
%{_bindir}/pkidaemon
|
|
|
f332ec |
%dir %{_sysconfdir}/systemd/system/pki-tomcatd.target.wants
|
|
|
f332ec |
%{_unitdir}/pki-tomcatd@.service
|
|
|
f332ec |
%{_unitdir}/pki-tomcatd.target
|
|
|
efcdb2 |
%dir %{_sysconfdir}/systemd/system/pki-tomcatd-nuxwdog.target.wants
|
|
|
efcdb2 |
%{_unitdir}/pki-tomcatd-nuxwdog@.service
|
|
|
efcdb2 |
%{_unitdir}/pki-tomcatd-nuxwdog.target
|
|
|
f332ec |
%{_javadir}/pki/pki-cms.jar
|
|
|
f332ec |
%{_javadir}/pki/pki-cmsbundle.jar
|
|
|
f332ec |
%{_javadir}/pki/pki-cmscore.jar
|
|
|
f332ec |
%{_javadir}/pki/pki-tomcat.jar
|
|
|
f332ec |
%dir %{_sharedstatedir}/pki
|
|
|
f332ec |
%{_bindir}/pki-setup-proxy
|
|
|
f332ec |
%{_mandir}/man5/pki_default.cfg.5.gz
|
|
|
f332ec |
%{_mandir}/man8/pki-server-upgrade.8.gz
|
|
|
f332ec |
%{_mandir}/man8/pkidestroy.8.gz
|
|
|
f332ec |
%{_mandir}/man8/pkispawn.8.gz
|
|
|
f332ec |
|
|
|
f332ec |
%{_datadir}/pki/setup/
|
|
|
f332ec |
%{_datadir}/pki/server/
|
|
|
f332ec |
|
|
|
efcdb2 |
|
|
|
f332ec |
%files -n pki-ca
|
|
|
f332ec |
%defattr(-,root,root,-)
|
|
|
f332ec |
%doc base/ca/LICENSE
|
|
|
f332ec |
%{_javadir}/pki/pki-ca.jar
|
|
|
f332ec |
%dir %{_datadir}/pki/ca
|
|
|
f332ec |
%{_datadir}/pki/ca/conf/
|
|
|
f332ec |
%{_datadir}/pki/ca/emails/
|
|
|
f332ec |
%dir %{_datadir}/pki/ca/profiles
|
|
|
f332ec |
%{_datadir}/pki/ca/profiles/ca/
|
|
|
f332ec |
%{_datadir}/pki/ca/setup/
|
|
|
f332ec |
%{_datadir}/pki/ca/webapps/
|
|
|
f332ec |
|
|
|
f332ec |
%files -n pki-kra
|
|
|
f332ec |
%defattr(-,root,root,-)
|
|
|
f332ec |
%doc base/kra/LICENSE
|
|
|
f332ec |
%{_javadir}/pki/pki-kra.jar
|
|
|
f332ec |
%dir %{_datadir}/pki/kra
|
|
|
f332ec |
%{_datadir}/pki/kra/conf/
|
|
|
f332ec |
%{_datadir}/pki/kra/setup/
|
|
|
f332ec |
%{_datadir}/pki/kra/webapps/
|
|
|
f332ec |
|
|
|
f332ec |
%files -n pki-ocsp
|
|
|
f332ec |
%defattr(-,root,root,-)
|
|
|
f332ec |
%doc base/ocsp/LICENSE
|
|
|
f332ec |
%{_javadir}/pki/pki-ocsp.jar
|
|
|
f332ec |
%dir %{_datadir}/pki/ocsp
|
|
|
f332ec |
%{_datadir}/pki/ocsp/conf/
|
|
|
f332ec |
%{_datadir}/pki/ocsp/setup/
|
|
|
f332ec |
%{_datadir}/pki/ocsp/webapps/
|
|
|
f332ec |
|
|
|
f332ec |
%files -n pki-tks
|
|
|
f332ec |
%defattr(-,root,root,-)
|
|
|
f332ec |
%doc base/tks/LICENSE
|
|
|
f332ec |
%{_javadir}/pki/pki-tks.jar
|
|
|
f332ec |
%dir %{_datadir}/pki/tks
|
|
|
f332ec |
%{_datadir}/pki/tks/conf/
|
|
|
f332ec |
%{_datadir}/pki/tks/setup/
|
|
|
f332ec |
%{_datadir}/pki/tks/webapps/
|
|
|
f332ec |
|
|
|
efcdb2 |
%files -n pki-tps
|
|
|
eb29d7 |
%defattr(-,root,root,-)
|
|
|
eb29d7 |
%doc base/tps/LICENSE
|
|
|
eb29d7 |
%{_javadir}/pki/pki-tps.jar
|
|
|
eb29d7 |
%dir %{_datadir}/pki/tps
|
|
|
efcdb2 |
%{_datadir}/pki/tps/applets/
|
|
|
eb29d7 |
%{_datadir}/pki/tps/conf/
|
|
|
eb29d7 |
%{_datadir}/pki/tps/setup/
|
|
|
eb29d7 |
%{_datadir}/pki/tps/webapps/
|
|
|
efcdb2 |
%{_mandir}/man5/pki-tps-connector.5.gz
|
|
|
efcdb2 |
%{_mandir}/man5/pki-tps-profile.5.gz
|
|
|
efcdb2 |
# files for native 'tpsclient'
|
|
|
efcdb2 |
# REMINDER: Remove this comment once 'tpsclient' is rewritten as a Java app
|
|
|
efcdb2 |
%{_bindir}/tpsclient
|
|
|
efcdb2 |
%{_libdir}/tps/libtps.so
|
|
|
efcdb2 |
%{_libdir}/tps/libtokendb.so
|
|
|
efcdb2 |
|
|
|
efcdb2 |
%if %{with javadoc}
|
|
|
f332ec |
%files -n pki-javadoc
|
|
|
f332ec |
%defattr(-,root,root,-)
|
|
|
f332ec |
%{_javadocdir}/pki-%{version}/
|
|
|
f332ec |
%endif
|
|
|
f332ec |
|
|
|
efcdb2 |
%endif # %{with server}
|
|
|
f332ec |
|
|
|
f332ec |
%changelog
|
|
|
efcdb2 |
* Mon Sep 21 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-6
|
|
|
efcdb2 |
- Bugzilla Bug #1258630 - Upgraded CA lacks ca.sslserver.certreq
|
|
|
efcdb2 |
in CS.cfg [edewata]
|
|
|
efcdb2 |
- Bugzilla Bug #1258634 - CA fails to authenticate to KRA for
|
|
|
efcdb2 |
archival [edewata]
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Aug 12 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-5
|
|
|
efcdb2 |
- Bugzilla Bug #1253045 - handle_exceptions() raises JSONDecodeError [cheimes]
|
|
|
efcdb2 |
'pki-core-handle-JSON-decode-error.patch'
|
|
|
efcdb2 |
- modified for RHEL 7.2 by removing changes to '.gitignore',
|
|
|
efcdb2 |
'tests/python/test_pki.py', and 'tox.ini' [mharmsen]
|
|
|
efcdb2 |
- Bugzilla Bug #1253047 - issues in cloning from dogtag 9 to 10 [alee]
|
|
|
efcdb2 |
'pki-core-fix-exception-when-talking-to-Dogtag-9-systems.patch'
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Jul 15 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-4
|
|
|
efcdb2 |
- Bugzilla Bug #1143067 - The pkiuser user/group should be created in
|
|
|
efcdb2 |
rpm %%pre, and ideally with fixed uid/gid [cheimes]
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Mon Jul 6 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-3
|
|
|
efcdb2 |
- Dogtag 10.2.5-3 patch for RHEL 7.2 Re-base
|
|
|
efcdb2 |
- git format-patch cc97f8628b23f8ea75308bb97a31307cb4f162b9^..
|
|
|
efcdb2 |
ac5447a8e0bac5112882be700a17a9274e322adc --stdout > pki-core-rhel-7-2.patch
|
|
|
efcdb2 |
- remove e5c4e87ac5ce881efa160352ce87ad81026f3446 (QE test)
|
|
|
efcdb2 |
- Contents of 'pki-core-rhel-7-2.patch':
|
|
|
efcdb2 |
- PKI TRAC Ticket #1249 - Misleading self test log message [edewata]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1444 - pkispawn: installation aborts when HSM contains
|
|
|
efcdb2 |
empty slots [edewata]
|
|
|
efcdb2 |
- PKI TRAC Ticket #995 - Provide more info on how to use --input with pki
|
|
|
efcdb2 |
cert-find in the man page [edewata]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1122 - Need to describe paging options in 'pki' man page
|
|
|
efcdb2 |
[edewata]
|
|
|
efcdb2 |
- Cleaned up SystemConfigService.validateRequest() [edewata]
|
|
|
efcdb2 |
- Cleaned up SystemConfigService.configureClone() [edewata]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1438 - pkispawn: SSL_ForceHandshake issue for non-CA on
|
|
|
efcdb2 |
HSM on both shared and nonshared tomcat instances [cfu]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1442 - Ability to toggle profile usablity in Web vs CLI
|
|
|
efcdb2 |
tools [jmagne]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1441 - Lack of Interactive Installation Support
|
|
|
efcdb2 |
(Cloning, Subordinates, Externals, HSMs, ECC) [mharmsen]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1446 - Unable to select ECC Curves from EE [jmagne]
|
|
|
efcdb2 |
- Fixed pki help CLI [edewata]
|
|
|
efcdb2 |
- Fixed NPE in key-archive CLI [edewata]
|
|
|
efcdb2 |
- PKI TRAC Ticket #891 - Missing fail-over code in HttpConnection [edewata]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1447 - pkispawn: findCertByNickname fails to find cert in
|
|
|
efcdb2 |
creating shared tomcat subsystems on HSM [cfu]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1425 - pkispawn CA with HSM - if the config file has
|
|
|
efcdb2 |
pki_client related params the dir is not created and the admin cert p12
|
|
|
efcdb2 |
file is stored nowhere [mharmsen]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1358 - Retrying failed OCSP clone results duplicate
|
|
|
efcdb2 |
replecation id and a failure [jmagne]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1462 - profile update in raw format accepts bad config
|
|
|
efcdb2 |
[ftweedal]
|
|
|
efcdb2 |
- PKI TRAC Ticket #1449 - pki cert-find could be time consuming: add VLV
|
|
|
efcdb2 |
index for new installations [edewata]
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Sat Jun 20 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-2
|
|
|
efcdb2 |
- Remove ExcludeArch directive
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Fri Jun 19 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-1
|
|
|
efcdb2 |
- Update release number for release build
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Fri May 29 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-2
|
|
|
efcdb2 |
- Fixed issues found during testing previous build
|
|
|
efcdb2 |
- Update release number for release build
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Tue May 26 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-1
|
|
|
efcdb2 |
- Update release number for release build
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Tue May 12 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-0.2
|
|
|
efcdb2 |
- Updated nuxwdog and tomcatjss requirements (alee)
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Thu Apr 23 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-0.1
|
|
|
efcdb2 |
- Updated version number to 10.2.4-0.1
|
|
|
efcdb2 |
- Added nuxwdog systemd files
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Thu Apr 23 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-1
|
|
|
efcdb2 |
- Update release number for release build
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Thu Apr 9 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-0.1
|
|
|
efcdb2 |
- Reverted version number back to 10.2.3-0.1
|
|
|
efcdb2 |
- Added support for Tomcat 8.
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Mon Apr 6 2015 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.1
|
|
|
efcdb2 |
- Updated version number to 10.3.0-0.1
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Mar 18 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-0.1
|
|
|
efcdb2 |
- Updated version number to 10.2.3-0.1
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Tue Mar 17 2015 Dogtag Team <pki-devel@redhat.com> 10.2.2-1
|
|
|
efcdb2 |
- Update release number for release build
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Mon Jan 19 2015 Dogtag Team <pki-devel@redhat.com> 10.2.1-1
|
|
|
efcdb2 |
- Change resteasy dependencies for F22+
|
|
|
efcdb2 |
- Added CLIs to simplify generating user certificates
|
|
|
efcdb2 |
- Added enhancements to KRA Python API
|
|
|
efcdb2 |
- Added a man page for pki ca-profile commands.
|
|
|
efcdb2 |
- Added python api docs
|
|
|
efcdb2 |
- Update release number for release build
|
|
|
efcdb2 |
- Updated Resteasy and Jackson dependencies.
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Tue Dec 16 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-6
|
|
|
efcdb2 |
- Bugzilla Bug #1160435 - Remove obsolete packages from CS 9.0
|
|
|
efcdb2 |
- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2
|
|
|
efcdb2 |
- PKI TRAC Ticket #1205 - Outdated selinux-policy dependency.
|
|
|
efcdb2 |
- Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime
|
|
|
efcdb2 |
dependencies
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Tue Dec 2 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-5
|
|
|
efcdb2 |
- Bugzilla Bug #1165351 - Errata TPS test fails due to dependent packages not
|
|
|
efcdb2 |
found (mharmsen)
|
|
|
efcdb2 |
- PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen)
|
|
|
efcdb2 |
- Bugzilla Bug #1151147 - issuerDN encoding correction (cfu)
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Mon Nov 24 2014 Christina Fu <cfu@redhat.com> 10.2.0-4
|
|
|
efcdb2 |
- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade
|
|
|
efcdb2 |
- up the release number to 4
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Oct 1 2014 Ade Lee <alee@redhat.com> 10.2.0-3
|
|
|
efcdb2 |
- Disable pylint dependency for RHEL builds
|
|
|
efcdb2 |
- Added jakarta-commons-httpclient requirements
|
|
|
efcdb2 |
- Added tomcat version for RHEL build
|
|
|
efcdb2 |
- Added resteasy-base-client for RHEL build
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Sep 24 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-2
|
|
|
efcdb2 |
- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Sep 3 2014 Dogtag Team <pki-devel@redhat.com> 10.2.0-1
|
|
|
efcdb2 |
- Update release number for release build
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Sep 3 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.10
|
|
|
efcdb2 |
- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Fri Aug 29 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.9
|
|
|
efcdb2 |
- Merged jmagne@redhat.com's spec file changes from the stand-alone
|
|
|
efcdb2 |
'pki-tps-client' package needed to build/run the native 'tpsclient'
|
|
|
efcdb2 |
command line utility into this 'pki-core' spec file under the 'tps' package.
|
|
|
efcdb2 |
- Original tps libararies must be built to support this native utility.
|
|
|
efcdb2 |
- Modifies tps package from 'noarch' into 'architecture-specific' package
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Aug 27 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.8
|
|
|
efcdb2 |
- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent'
|
|
|
efcdb2 |
packages . . .
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.2.0-0.5
|
|
|
efcdb2 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Aug 13 2014 Jack Magne <jmagne@redhat.com> - 10.2.0-0.7
|
|
|
efcdb2 |
- Respin to include the applet files with the rpm install. No change
|
|
|
efcdb2 |
to spec file needed.
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Tue Jul 15 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.6
|
|
|
efcdb2 |
- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires --
|
|
|
efcdb2 |
drop dependency on java-atk-wrapper
|
|
|
efcdb2 |
- Removed 'java-atk-wrapper' dependency from 'pki-server'
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Wed Jul 2 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.5
|
|
|
efcdb2 |
- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Tue Jul 1 2014 Ade Lee <alee@redhat.com> - 10.2.0-0.4
|
|
|
efcdb2 |
- Update rawhide build
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.2.0-0.3
|
|
|
efcdb2 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Fri Mar 28 2014 Michael Simacek <msimacek@redhat.com> - 10.2.0-0.2
|
|
|
efcdb2 |
- Use Requires: java-headless rebuild (#1067528)
|
|
|
efcdb2 |
|
|
|
efcdb2 |
* Fri Nov 22 2013 Dogtag Team <pki-devel@redhat.com> 10.2.0-0.1
|
|
|
efcdb2 |
- Added option to build without server packages.
|
|
|
efcdb2 |
- Replaced Jettison with Jackson.
|
|
|
efcdb2 |
- Added python-nss build requirement
|
|
|
eb29d7 |
- Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
|
|
|
eb29d7 |
- TRAC Ticket #840 - pkispawn requires policycoreutils-python
|
|
|
efcdb2 |
- Updated requirements for resteasy
|
|
|
efcdb2 |
- Added template files for archive, retrieve and generate key
|
|
|
efcdb2 |
requests to the client package.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Fri Nov 15 2013 Ade Lee <alee@redhat.com> 10.1.0-1
|
|
|
eb29d7 |
- Trac Ticket 788 - Clean up spec files
|
|
|
eb29d7 |
- Update release number for release build
|
|
|
eb29d7 |
- Updated requirements for resteasy
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Sun Nov 10 2013 Ade Lee <alee@redhat.com> 10.1.0-0.14
|
|
|
eb29d7 |
- Change release number for beta build
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Thu Nov 7 2013 Ade Lee <alee@redhat.com> 10.1.0-0.13
|
|
|
eb29d7 |
- Updated requirements for tomcat
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Fri Oct 4 2013 Ade Lee <alee@redhat.com> 10.1.0-0.12
|
|
|
eb29d7 |
- Removed additional /var/run, /var/lock references.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Fri Oct 4 2013 Ade Lee <alee@redhat.com> 10.1.0-0.11
|
|
|
eb29d7 |
- Removed delivery of /var/lock and /var/run directories for fedora 20.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Wed Aug 14 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.10
|
|
|
eb29d7 |
- Moved Tomcat-based TPS into pki-core.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Wed Aug 14 2013 Abhishek Koneru <akoneru@redhat.com> 10.1.0.0.9
|
|
|
eb29d7 |
- Listed new packages required during build, due to issues reported
|
|
|
eb29d7 |
by pylint.
|
|
|
eb29d7 |
- Packages added: python-requests, python-ldap, libselinux-python,
|
|
|
eb29d7 |
policycoreutils-python
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Fri Aug 09 2013 Abhishek Koneru <akoneru@redhat.com> 10.1.0.0.8
|
|
|
eb29d7 |
- Added pylint scan to the build process.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Mon Jul 22 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.7
|
|
|
f332ec |
- Added man pages for upgrade tools.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Wed Jul 17 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.6
|
|
|
f332ec |
- Cleaned up the code to install man pages.
|
|
|
f332ec |
|
|
|
eb29d7 |
* Tue Jul 16 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.5
|
|
|
eb29d7 |
- Reorganized deployment tools.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
* Tue Jul 9 2013 Ade Lee <alee@redhat.com> 10.1.0-0.4
|
|
|
f332ec |
- Bugzilla Bug 973224 - resteasy-base must be split into subpackages
|
|
|
f332ec |
to simplify dependencies
|
|
|
f332ec |
|
|
|
eb29d7 |
* Fri Jun 14 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.3
|
|
|
eb29d7 |
- Updated dependencies to Java 1.7.
|
|
|
f332ec |
|
|
|
eb29d7 |
* Wed Jun 5 2013 Matthew Harmsen <mharmsen@redhat.com> 10.1.0-0.2
|
|
|
f332ec |
- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page
|
|
|
f332ec |
- TRAC Ticket 610 - Document limitation in using GUI install
|
|
|
f332ec |
- TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory
|
|
|
f332ec |
|
|
|
eb29d7 |
* Tue May 7 2013 Ade Lee <alee@redhat.com> 10.1.0-0.1
|
|
|
eb29d7 |
- Change release number for 10.1 development
|
|
|
f332ec |
|
|
|
f332ec |
* Mon May 6 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-5
|
|
|
f332ec |
- Fixed incorrect JNI_JAR_DIR.
|
|
|
f332ec |
|
|
|
f332ec |
* Sat May 4 2013 Ade Lee <alee@redhat.com> 10.0.2-4
|
|
|
f332ec |
- TRAC Ticket 605 Junit internal function used in TestRunner,
|
|
|
f332ec |
breaks F19 build
|
|
|
f332ec |
|
|
|
f332ec |
* Sat May 4 2013 Ade Lee <alee@redhat.com> 10.0.2-3
|
|
|
f332ec |
- TRAC Ticket 604 Added fallback methods for pkispawn tests
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Apr 29 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-2
|
|
|
f332ec |
- Added default pki.conf in /usr/share/pki/etc
|
|
|
f332ec |
- Create upgrade tracker on install and remove it on uninstall
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Apr 26 2013 Ade Lee <alee@redhat.com> 10.0.2-1
|
|
|
f332ec |
- Change release number for official release.
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Apr 25 2013 Ade Lee <alee@redhat.com> 10.0.2-0.8
|
|
|
f332ec |
- Added %pretrans script for f19
|
|
|
f332ec |
- Added java-atk-wrapper dependency
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Apr 24 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.7
|
|
|
f332ec |
- Added pki-server-upgrade script and pki.server module.
|
|
|
f332ec |
- Call upgrade scripts in %post for pki-base and pki-server.
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Apr 23 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.6
|
|
|
f332ec |
- Added dependency on commons-io.
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Apr 22 2013 Ade Lee <alee@redhat.com> 10.0.2-0.5
|
|
|
f332ec |
- Add /var/log/pki and /var/lib/pki directories
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Apr 16 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.4
|
|
|
f332ec |
- Run pki-upgrade on post server installation.
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Apr 15 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.3
|
|
|
f332ec |
- Added dependency on python-lxml.
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Apr 5 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.2
|
|
|
f332ec |
- Added pki-upgrade script.
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Apr 5 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.1
|
|
|
f332ec |
- Updated version number to 10.0.2-0.1.
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Apr 5 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-9
|
|
|
f332ec |
- Renamed base/deploy to base/server.
|
|
|
f332ec |
- Moved pki.conf into pki-base.
|
|
|
f332ec |
- Removed redundant pki/server folder declaration.
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Mar 19 2013 Ade Lee <alee@redhat.com> 10.0.1-8
|
|
|
f332ec |
- Removed jython dependency
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Mar 11 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-7
|
|
|
f332ec |
- Added minimum python-requests version.
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Mar 8 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.1-6
|
|
|
f332ec |
- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Mar 7 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-5
|
|
|
f332ec |
- Added dependency on python-requests.
|
|
|
f332ec |
- Reorganized Python module packaging.
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Mar 7 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-4
|
|
|
f332ec |
- Added dependency on python-ldap.
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Mar 4 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.1-3
|
|
|
f332ec |
- TRAC Ticket #517 - Clean up theme dependencies
|
|
|
f332ec |
- TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Mar 1 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.1-2
|
|
|
f332ec |
- Removed runtime dependency on 'pki-server-theme' to resolve
|
|
|
f332ec |
Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Jan 15 2013 Ade Lee <alee@redhat.com> 10.0.1-1
|
|
|
f332ec |
- TRAC Ticket 214 - Missing error description for duplicate user
|
|
|
f332ec |
- TRAC Ticket 213 - Add nonces for cert revocation
|
|
|
f332ec |
- TRAC Ticket 367 - pkidestroy does not remove connector
|
|
|
f332ec |
- TRAC Ticket #430 - License for 3rd party code
|
|
|
f332ec |
- Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP
|
|
|
f332ec |
- Fix spec file to allow f17 to work with latest tomcatjss
|
|
|
f332ec |
- TRAC Ticket 466 - Increase root CA validity to 20 years
|
|
|
f332ec |
- TRAC Ticket 469 - Fix tomcatjss issue in spec files
|
|
|
f332ec |
- TRAC Ticket 468 - pkispawn throws exception
|
|
|
f332ec |
- TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes
|
|
|
f332ec |
- TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . .
|
|
|
f332ec |
- TRAC Ticket 437 - Make admin cert p12 file location configurable
|
|
|
f332ec |
- TRAC Ticket 393 - pkispawn fails when selinux is disabled
|
|
|
f332ec |
- Punctuation and formatting changes in man pages
|
|
|
f332ec |
- Revert to using default config file for pkidestroy
|
|
|
f332ec |
- Hardcode setting of resteasy-lib for instance
|
|
|
f332ec |
- TRAC Ticket 436 - Interpolation for pki_subsystem
|
|
|
f332ec |
- TRAC Ticket 433 - Interpolation for paths
|
|
|
f332ec |
- TRAC Ticket 435 - Identical instance id and instance name
|
|
|
f332ec |
- TRAC Ticket 406 - Replace file dependencies with package dependencies
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Jan 9 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-5
|
|
|
f332ec |
- TRAC Ticket #430 - License for 3rd party code
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Jan 4 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-4
|
|
|
f332ec |
- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and
|
|
|
f332ec |
dogtag-pki.spec . . .
|
|
|
f332ec |
- TRAC Ticket #468 - pkispawn throws exception
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Dec 12 2012 Ade Lee <alee@redhat.com> 10.0.0-3
|
|
|
f332ec |
- Replaced file dependencies with package dependencies
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Dec 10 2012 Ade Lee <alee@redhat.com> 10.0.0-2
|
|
|
f332ec |
- Updated man pages
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Dec 7 2012 Ade Lee <alee@redhat.com> 10.0.0-1
|
|
|
f332ec |
- Update to official release for rc1
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Dec 6 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.56.b3
|
|
|
f332ec |
- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy.
|
|
|
f332ec |
- Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Dec 6 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.55.b3
|
|
|
f332ec |
- Added system-wide configuration /etc/pki/pki.conf.
|
|
|
f332ec |
- Removed redundant lines in %files.
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Dec 4 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.54.b3
|
|
|
f332ec |
- Moved default deployment configuration to /etc/pki.
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Nov 19 2012 Ade Lee <alee@redhat.com> 10.0.0-0.53.b3
|
|
|
f332ec |
- Cleaned up spec file to provide only support rhel 7+, f17+
|
|
|
f332ec |
- Added resteasy-base dependency for rhel 7
|
|
|
f332ec |
- Update cmake version
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Nov 12 2012 Ade Lee <alee@redhat.com> 10.0.0-0.52.b3
|
|
|
f332ec |
- Update release to b3
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Nov 9 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.51.b2
|
|
|
f332ec |
- Removed dependency on CA, KRA, OCSP, TKS theme packages.
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Nov 8 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.50.b2
|
|
|
f332ec |
- Renamed pki-common-theme to pki-server-theme.
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Nov 8 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.49.b2
|
|
|
f332ec |
- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to
|
|
|
f332ec |
'pki-server'
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Oct 29 2012 Ade Lee <alee@redhat.com> 10.0.0-0.48.b2
|
|
|
f332ec |
- Update release to b2
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Oct 24 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.47.b1
|
|
|
f332ec |
- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Oct 23 2012 Ade Lee <alee@redhat.com> 10.0.0-0.46.b1
|
|
|
f332ec |
- Added Obsoletes for pki-selinux
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Oct 23 2012 Ade Lee <alee@redhat.com> 10.0.0-0.45.b1
|
|
|
f332ec |
- Remove build of pki-selinux for f18, use system policy instead
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Oct 12 2012 Ade Lee <alee@redhat.com> 10.0.0-0.44.b1
|
|
|
f332ec |
- Update required tomcatjss version
|
|
|
f332ec |
- Added net-tools dependency
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.43.b1
|
|
|
f332ec |
- Update selinux-policy version to fix error from latest policy changes
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.42.b1
|
|
|
f332ec |
- Fix typo in selinux policy versions
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.41.b1
|
|
|
f332ec |
- Added build requires for correct version of selinux-policy-devel
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.40.b1
|
|
|
f332ec |
- Update release to b1
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Oct 5 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.40.a2
|
|
|
f332ec |
- Merged pki-silent into pki-server.
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Oct 5 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.39.a2
|
|
|
f332ec |
- Renamed "shared" folder to "server".
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Oct 5 2012 Ade Lee <alee@redhat.com> 10.0.0-0.38.a2
|
|
|
f332ec |
- Added required selinux versions for new policy.
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Oct 2 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.37.a2
|
|
|
f332ec |
- Added Provides to packages replacing obsolete packages.
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Oct 1 2012 Ade Lee <alee@redhat.com> 10.0.0-0.36.a2
|
|
|
f332ec |
- Update release to a2
|
|
|
f332ec |
|
|
|
f332ec |
* Sun Sep 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.36.a1
|
|
|
f332ec |
- Modified CMake to use RPM version number
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Sep 25 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.35.a1
|
|
|
f332ec |
- Added VERSION file
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Sep 24 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.34.a1
|
|
|
f332ec |
- Merged pki-setup into pki-server
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Sep 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.33.a1
|
|
|
f332ec |
- Added Conflicts for IPA 2.X
|
|
|
f332ec |
- Added build requires for zip to work around mock problem
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Sep 12 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.32.a1
|
|
|
f332ec |
- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances
|
|
|
f332ec |
upon RPM "update" . . .
|
|
|
f332ec |
- TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy"
|
|
|
f332ec |
from /usr/bin to /usr/sbin . . .
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Sep 12 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.31.a1
|
|
|
f332ec |
- Fixed pki-server to include everything in shared dir.
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Sep 11 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.30.a1
|
|
|
f332ec |
- Added build dependency on redhat-rpm-config.
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.29.a1
|
|
|
f332ec |
- Merged Javadoc packages.
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.28.a1
|
|
|
f332ec |
- Added pki-tomcat.jar.
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.27.a1
|
|
|
f332ec |
- Moved webapp creation code into pkispawn.
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.26.a1
|
|
|
f332ec |
- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.25.a1
|
|
|
f332ec |
- Merged pki-native-tools and pki-java-tools into pki-tools.
|
|
|
f332ec |
- Modified pki-server to depend on pki-tools.
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.24.a1
|
|
|
f332ec |
- Split pki-common into pki-base and pki-server.
|
|
|
f332ec |
- Merged pki-util into pki-base.
|
|
|
f332ec |
- Merged pki-deploy into pki-server.
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Aug 16 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.23.a1
|
|
|
f332ec |
- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17
|
|
|
f332ec |
- Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy'
|
|
|
f332ec |
- Altered PKI Package Dependency Chain (top-to-bottom):
|
|
|
f332ec |
pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Aug 13 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.22.a1
|
|
|
f332ec |
- Added pki-client.jar.
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Jul 27 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.21.a1
|
|
|
f332ec |
- Merged pki-jndi-realm.jar into pki-cmscore.jar.
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Jul 24 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.20.a1
|
|
|
f332ec |
- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully
|
|
|
f332ec |
via mock on Fedora 17 . . .
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Jul 11 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.19.a1
|
|
|
f332ec |
- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Jun 14 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.18.a1
|
|
|
f332ec |
- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18
|
|
|
f332ec |
|
|
|
f332ec |
* Tue May 29 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.17.a1
|
|
|
f332ec |
- Added CLI for REST services
|
|
|
f332ec |
|
|
|
f332ec |
* Fri May 18 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.16.a1
|
|
|
f332ec |
- Integration of Tomcat 7
|
|
|
f332ec |
- Addition of centralized 'pki-tomcatd' systemd functionality to the
|
|
|
f332ec |
PKI Deployment strategy
|
|
|
f332ec |
- Removal of 'pki_flavor' attribute
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Apr 16 2012 Ade Lee <alee@redhat.com> 10.0.0-0.15.a1
|
|
|
f332ec |
- BZ 813075 - selinux denial for file size access
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Apr 5 2012 Christina Fu <cfu@redhat.com> 10.0.0-0.14.a1
|
|
|
f332ec |
- Bug 745278 - [RFE] ECC encryption keys cannot be archived
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Mar 27 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.13.a1
|
|
|
f332ec |
- Replaced candlepin-deps with resteasy
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Mar 23 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.12.a1
|
|
|
f332ec |
- Added option to build without Javadoc
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Mar 16 2012 Ade Lee <alee@redhat.com> 10.0.0-0.11.a1
|
|
|
f332ec |
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
|
|
|
f332ec |
- Corrected patch selected for selinux f17 rules
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Mar 14 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.10.a1
|
|
|
f332ec |
- Corrected 'junit' dependency check
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Mar 12 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.9.a1
|
|
|
f332ec |
- Initial attempt at PKI deployment framework described in
|
|
|
f332ec |
'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Mar 09 2012 Jack Magne <jmagne@redhat.com> 10.0.0-0.8.a1
|
|
|
f332ec |
- Added support for pki-jndi-realm in tomcat6 in pki-common
|
|
|
f332ec |
and pki-kra.
|
|
|
f332ec |
- Ticket #69.
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Mar 2 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.7.a1
|
|
|
f332ec |
- For 'mock' purposes, removed platform-specific logic from around
|
|
|
f332ec |
the 'patch' files so that ALL 'patch' files will be included in
|
|
|
f332ec |
the SRPM.
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Feb 29 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.6.a1
|
|
|
f332ec |
- Removed dependency on OSUtil.
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Feb 28 2012 Ade Lee <alee@redhat.com> 10.0.0-0.5.a1
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- Added platform-dependent patches for SELinux component
|
|
|
f332ec |
- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
|
|
|
f332ec |
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Feb 23 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.4.a1
|
|
|
f332ec |
- Added dependency on Apache Commons Codec.
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Feb 22 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.3.a1
|
|
|
f332ec |
- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes
|
|
|
f332ec |
in fundamental path structure in Fedora 17
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Hard-code Perl dependencies to protect against bugs such as
|
|
|
f332ec |
Bugzilla Bug #772699 - Adapt perl and python fileattrs to
|
|
|
f332ec |
changed file 5.10 magics
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Feb 20 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.2.a1
|
|
|
f332ec |
- Integrated 'pki-kra' into 'pki-core'
|
|
|
f332ec |
- Integrated 'pki-ocsp' into 'pki-core'
|
|
|
f332ec |
- Integrated 'pki-tks' into 'pki-core'
|
|
|
f332ec |
- Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
|
|
|
f332ec |
- Updated package version number
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Jan 16 2012 Ade Lee <alee@redhat.com> 9.0.16-3
|
|
|
f332ec |
- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Nov 28 2011 Endi S. Dewata <edewata@redhat.com> 9.0.16-2
|
|
|
f332ec |
- Added JUnit tests
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Oct 28 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.16-1
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
|
|
|
f332ec |
wrapping unwrapping keys should be done in the token (cfu)
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
|
|
|
f332ec |
the in-place upgrade( CS 8.0->8.1) (cfu)
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
|
|
|
f332ec |
wrapping unwrapping keys should be done in the token (cfu)
|
|
|
f332ec |
- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
|
|
|
f332ec |
(rawhide) . . . (mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
|
|
|
f332ec |
OCSP, and TKS package installation . . . (mharmsen)
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.15-1
|
|
|
f332ec |
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
|
|
|
f332ec |
mode (cfu)
|
|
|
f332ec |
- Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
|
|
|
f332ec |
(hsm+NSS). (jmagne)
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
|
|
|
f332ec |
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
|
|
|
f332ec |
mode (cfu)
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
|
|
|
f332ec |
mode (cfu)
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
|
|
|
f332ec |
mode (cfu)
|
|
|
f332ec |
- Bugzilla Bug #737218 - Incorrect request attribute name matching
|
|
|
f332ec |
ignores request attributes during request parsing. (awnuk)
|
|
|
f332ec |
- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
|
|
|
f332ec |
(hsm+NSS). (jmagne)
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #712931 - CS requires too many ports
|
|
|
f332ec |
to be open in the FW (alee)
|
|
|
f332ec |
- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
|
|
|
f332ec |
mode (cfu)
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
- Bugzilla Bug #739201 - pkisilent does not take arch into account
|
|
|
f332ec |
as Java packages migrated to arch-dependent directories (mharmsen)
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Sep 9 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.14-1
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
|
|
|
f332ec |
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.13-1
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Aug 23 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.12-1
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #712931 - CS requires too many ports
|
|
|
f332ec |
to be open in the FW (alee)
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- Bugzilla Bug #717643 - Fopen without NULL check and other Coverity
|
|
|
f332ec |
issues (awnuk)
|
|
|
f332ec |
- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #700522 - pki tomcat6 instances currently running
|
|
|
f332ec |
unconfined, allow server to come up when selinux disabled (alee)
|
|
|
f332ec |
- Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated
|
|
|
f332ec |
correctly when subsystem cloned (using hsm) (alee)
|
|
|
f332ec |
- Bugzilla Bug #712931 - CS requires too many ports
|
|
|
f332ec |
to be open in the FW (alee)
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- Bugzilla Bug #712931 - CS requires too many ports
|
|
|
f332ec |
to be open in the FW (alee)
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #712931 - CS requires too many ports
|
|
|
f332ec |
to be open in the FW (alee)
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Aug 10 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.11-1
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
|
|
|
f332ec |
time - remove the inefficient sleeps (alee)
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by
|
|
|
f332ec |
renumbering "cn=<value>" (mharmsen)
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
|
|
|
f332ec |
(jmagne, awnuk)
|
|
|
f332ec |
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
|
|
|
f332ec |
time - remove the inefficient sleeps (alee)
|
|
|
f332ec |
- Bugzilla Bug #708075 - Clone installation does not work over NAT
|
|
|
f332ec |
(alee)
|
|
|
f332ec |
- Bugzilla Bug #726785 - If replication fails while setting up a clone
|
|
|
f332ec |
it will wait forever (alee)
|
|
|
f332ec |
- Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
|
|
|
f332ec |
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
|
|
|
f332ec |
unconfined (alee)
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- Bugzilla Bug #700505 - pki tomcat6 instances currently running
|
|
|
f332ec |
unconfined (alee)
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
|
|
|
f332ec |
in IPA profile (awnuk)
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
|
|
|
f332ec |
time - remove the inefficient sleeps (alee)
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Jul 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.10-1
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
|
|
|
f332ec |
using an ECC CA to generate ECC certs from CRMF. (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
|
|
|
f332ec |
for any component value which is equal to its default value (alee)
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #720510 - Console: Adding a certificate into nethsm
|
|
|
f332ec |
throws Token not found error. (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
|
|
|
f332ec |
using an ECC CA to generate ECC certs from CRMF. (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
|
|
|
f332ec |
for any component value which is equal to its default value (alee)
|
|
|
f332ec |
- Bugzilla Bug #722989 - Registering an agent when a subsystem is
|
|
|
f332ec |
created - does not log AUTHZ_SUCCESS event. (alee)
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert
|
|
|
f332ec |
(awnuk)
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.9-1
|
|
|
f332ec |
- Updated release of 'jss'
|
|
|
f332ec |
- Updated release of 'tomcatjss' for Fedora 15
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
(mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
|
|
|
f332ec |
(jdennis)
|
|
|
f332ec |
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
|
|
|
f332ec |
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
(mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
(mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #717765 - TPS configuration: logging into security domain
|
|
|
f332ec |
from tps does not work with clientauth=want. (alee)
|
|
|
f332ec |
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
(mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
(mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record
|
|
|
f332ec |
processing) (mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
(mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system
|
|
|
f332ec |
logs throws 'Invalid protocol' for OCSP subsystems (alee)
|
|
|
f332ec |
- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
|
|
|
f332ec |
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
|
|
|
f332ec |
populated in the CA signedAudit messages (alee)
|
|
|
f332ec |
- Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)
|
|
|
f332ec |
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
|
|
|
f332ec |
populated in the CA signedAudit messages (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #698885 - Race conditions during IPA installation (alee)
|
|
|
f332ec |
- Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:
|
|
|
f332ec |
SubjectID=$Unidentified$ fails audit evaluation (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #705914 - SCEP mishandles nicknames when processing
|
|
|
f332ec |
subsequent SCEP requests. (awnuk)
|
|
|
f332ec |
- Bugzilla Bug #661142 - Verification should fail when a revoked
|
|
|
f332ec |
certificate is added. (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
|
|
|
f332ec |
for modify/add (alee)
|
|
|
f332ec |
- Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)
|
|
|
f332ec |
- Bugzilla Bug #707607 - Published certificate summary has list of
|
|
|
f332ec |
non-published certificates with succeeded status (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
|
|
|
f332ec |
for tps and ca on server shutdown (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #697939 - DRM signed audit log message - operation should
|
|
|
f332ec |
be read instead of modify (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #718427 - When audit log is full, server continue to
|
|
|
f332ec |
function. (alee)
|
|
|
f332ec |
- Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in
|
|
|
f332ec |
CA's signedaudit log when a directory based user enrollment is
|
|
|
f332ec |
performed (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
(mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #720503 - RA and TPS require additional SELinux
|
|
|
f332ec |
permissions to run in "Enforcing" mode (alee)
|
|
|
f332ec |
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
(mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
|
|
|
f332ec |
(jdennis)
|
|
|
f332ec |
- Bugzilla Bug #699837 - service command is not fully backwards
|
|
|
f332ec |
compatible with Dogtag pki subsystems (mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
|
|
|
f332ec |
administrator group. (jmagne)
|
|
|
f332ec |
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
|
|
|
f332ec |
for modify/add (alee)
|
|
|
f332ec |
- Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee
|
|
|
f332ec |
pages (alee)
|
|
|
f332ec |
- Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs
|
|
|
f332ec |
for a revocation invoked by EE user (awnuk)
|
|
|
f332ec |
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
(mharmsen)
|
|
|
f332ec |
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
|
|
|
f332ec |
|
|
|
f332ec |
* Wed May 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-2
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- Added 'DRMTool.cfg' configuration file to inventory
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
|
|
|
f332ec |
* Wed May 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-1
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- Bugzilla Bug #532548 - Tool to do DRM re-key
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Apr 26 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.7-1
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
|
|
|
f332ec |
- Bugzilla Bug #694569 - parameter used by pkiremove not updated
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs
|
|
|
f332ec |
throws 'Invalid protocol' for OCSP subsystems
|
|
|
f332ec |
- Bugzilla Bug #694569 - parameter used by pkiremove not updated
|
|
|
f332ec |
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
|
|
|
f332ec |
populated in the CA signedAudit messages
|
|
|
f332ec |
- Bugzilla Bug #694143 - CA Agent not returning specified request
|
|
|
f332ec |
- Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
|
|
|
f332ec |
populated in the CA signedAudit messages
|
|
|
f332ec |
- Bugzilla Bug #698885 - Race conditions during IPA installation
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
|
|
|
f332ec |
- Bugzilla Bug #699837 - service command is not fully backwards compatible
|
|
|
f332ec |
with Dogtag pki subsystems
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
|
|
|
f332ec |
* Mon Apr 11 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-2
|
|
|
f332ec |
- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Apr 5 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-1
|
|
|
f332ec |
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
|
|
|
f332ec |
- Bugzilla Bug #693327 - Missing requires: tomcatjss
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #690626 - pkiremove removes the registry entry for
|
|
|
f332ec |
all instances on a machine
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port
|
|
|
f332ec |
throws file not found exception.
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #692990 - Audit log messages needed to match CC doc:
|
|
|
f332ec |
DRM Recovery audit log messages
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Apr 5 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.5-2
|
|
|
f332ec |
- Bugzilla Bug #693327 - Missing requires: tomcatjss
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.5-1
|
|
|
f332ec |
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
|
|
|
f332ec |
- Require "jss >= 4.2.6-15" as a build and runtime requirement
|
|
|
f332ec |
- Require "tomcatjss >= 2.1.1" as a build and runtime requirement
|
|
|
f332ec |
for Fedora 15 and later platforms
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #688287 - Add "deprecation" notice regarding using
|
|
|
f332ec |
"shared ports" in pkicreate -help . . .
|
|
|
f332ec |
- Bugzilla Bug #688251 - Dogtag installation under IPA takes
|
|
|
f332ec |
too much time - SELinux policy compilation
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple
|
|
|
f332ec |
extensions
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #683581 - CA configuration with ECC(Default
|
|
|
f332ec |
EC curve-nistp521) CA fails with 'signing operation failed'
|
|
|
f332ec |
- Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled
|
|
|
f332ec |
on the EE port
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- Bugzilla Bug #684871 - ldaps selinux link change
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #683581 - CA configuration with ECC(Default
|
|
|
f332ec |
EC curve-nistp521) CA fails with 'signing operation failed'
|
|
|
f332ec |
- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments
|
|
|
f332ec |
- Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port
|
|
|
f332ec |
throws file not found exception.(profile and CS.cfg only)
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Mar 17 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.4-1
|
|
|
f332ec |
- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha)
|
|
|
f332ec |
- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
|
|
|
f332ec |
instance
|
|
|
f332ec |
- Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #678157 - uninitialized variable warnings from Perl
|
|
|
f332ec |
- Bugzilla Bug #679574 - Velocity fails to load all dependent classes
|
|
|
f332ec |
- Bugzilla Bug #680420 - xml-commons-apis.jar dependency
|
|
|
f332ec |
- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's
|
|
|
f332ec |
classpath
|
|
|
f332ec |
- Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library
|
|
|
f332ec |
name for SafeNet LunaSA
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #673638 - Installation within IPA hangs
|
|
|
f332ec |
- Bugzilla Bug #678715 - netstat loop fixes needed
|
|
|
f332ec |
- Bugzilla Bug #673609 - CC: authorize() call needs to be added to
|
|
|
f332ec |
getStats servlet
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- Bugzilla Bug #674195: SELinux error message thrown during token
|
|
|
f332ec |
enrollment
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #673638 - Installation within IPA hangs
|
|
|
f332ec |
- Bugzilla Bug #673609 - CC: authorize() call needs to be added to
|
|
|
f332ec |
getStats servlet
|
|
|
f332ec |
- Bugzilla Bug #676330 - init script cannot start service
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
- Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's
|
|
|
f332ec |
classpath
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Feb 9 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-2
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #676051 - IPA installation failing - Fails to create CA
|
|
|
f332ec |
instance
|
|
|
f332ec |
- Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
|
|
|
f332ec |
instance
|
|
|
f332ec |
|
|
|
f332ec |
* Fri Feb 4 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-1
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #674894 - ipactl restart : an annoy output line
|
|
|
f332ec |
- Bugzilla Bug #675179 - ipactl restart : an annoy output line
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Feb 3 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.2-1
|
|
|
f332ec |
- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #673638 - Installation within IPA hangs
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
|
|
|
f332ec |
by 'netscape.security.provider' package
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
|
|
|
f332ec |
"Manual User Dual-Use Certificate Enrollment"
|
|
|
f332ec |
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection
|
|
|
f332ec |
error.
|
|
|
f332ec |
- Bugzilla Bug #504056 - Completed SCEP requests are assigned to the
|
|
|
f332ec |
"begin" state instead of "complete".
|
|
|
f332ec |
- Bugzilla Bug #504055 - SCEP requests are not properly populated
|
|
|
f332ec |
- Bugzilla Bug #564207 - Searches for completed requests in the agent
|
|
|
f332ec |
interface returns zero entries
|
|
|
f332ec |
- Bugzilla Bug #672291 - CA is not publishing certificates issued using
|
|
|
f332ec |
"Manual User Dual-Use Certificate Enrollment" -
|
|
|
f332ec |
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
|
|
|
f332ec |
by 'netscape.security.provider' package
|
|
|
f332ec |
- Bugzilla Bug #672920 - CA console: adding policy to a profile throws
|
|
|
f332ec |
'Duplicate policy' error in some cases.
|
|
|
f332ec |
- Bugzilla Bug #673199 - init script returns control before web apps have
|
|
|
f332ec |
started
|
|
|
f332ec |
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
|
|
|
f332ec |
subsystem instances
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #504013 - sscep request is rejected due to authentication
|
|
|
f332ec |
error if submitted through one time pin router certificate enrollment.
|
|
|
f332ec |
- Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing
|
|
|
f332ec |
information
|
|
|
f332ec |
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
|
|
|
f332ec |
as part of CC interface review
|
|
|
f332ec |
- Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation
|
|
|
f332ec |
- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
|
|
|
f332ec |
subsystem instances
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
|
|
|
f332ec |
by 'netscape.security.provider' package
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Feb 2 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-3
|
|
|
f332ec |
- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files
|
|
|
f332ec |
in /var/run and /var/lock
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Jan 20 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-2
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- Bugzilla Bug #671265 - pki-symkey jar version incorrect
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #564207 - Searches for completed requests in the agent
|
|
|
f332ec |
interface returns zero entries
|
|
|
f332ec |
|
|
|
f332ec |
* Tue Jan 18 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1
|
|
|
f332ec |
- Allow 'pki-native-tools' to be installed independently of 'pki-setup'
|
|
|
f332ec |
- Removed explicit 'pki-setup' requirement from 'pki-ca'
|
|
|
f332ec |
(since it already requires 'pki-common')
|
|
|
f332ec |
- 'pki-setup'
|
|
|
f332ec |
- Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group
|
|
|
f332ec |
- Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP
|
|
|
f332ec |
and TKS.
|
|
|
f332ec |
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
|
|
|
f332ec |
fowarding for agent services
|
|
|
f332ec |
- Bugzilla Bug #632425 - Port to tomcat6
|
|
|
f332ec |
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
|
|
|
f332ec |
OpenLDAP instead of the Mozldap
|
|
|
f332ec |
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
|
|
|
f332ec |
interface
|
|
|
f332ec |
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
|
|
|
f332ec |
- Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13
|
|
|
f332ec |
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
|
|
|
f332ec |
javadocs
|
|
|
f332ec |
- Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*,
|
|
|
f332ec |
pkicreate fails Fedora 14 and above
|
|
|
f332ec |
- Bugzilla Bug #23346 - Two conflicting ACL list definitions in source
|
|
|
f332ec |
repository
|
|
|
f332ec |
- Bugzilla Bug #656733 - Standardize jar install location and jar names
|
|
|
f332ec |
- 'pki-symkey'
|
|
|
f332ec |
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
|
|
|
f332ec |
interface
|
|
|
f332ec |
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
|
|
|
f332ec |
- Bugzilla Bug #644056 - CS build contains warnings
|
|
|
f332ec |
- 'pki-native-tools'
|
|
|
f332ec |
- template change
|
|
|
f332ec |
- Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
|
|
|
f332ec |
OpenLDAP instead of the Mozldap
|
|
|
f332ec |
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
|
|
|
f332ec |
interface
|
|
|
f332ec |
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
|
|
|
f332ec |
- Bugzilla Bug #644056 - CS build contains warnings
|
|
|
f332ec |
- 'pki-util'
|
|
|
f332ec |
- Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical
|
|
|
f332ec |
cannot be set to true
|
|
|
f332ec |
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
|
|
|
f332ec |
empty packages
|
|
|
f332ec |
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
|
|
|
f332ec |
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
|
|
|
f332ec |
senderNonce in all signed SCEP responses.
|
|
|
f332ec |
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
|
|
|
f332ec |
attack in SCEP
|
|
|
f332ec |
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
|
|
|
f332ec |
for signing SCEP response messages.
|
|
|
f332ec |
- Bugzilla Bug #635033 - At installation wizard selecting key types other
|
|
|
f332ec |
than CA's signing cert will fail
|
|
|
f332ec |
- Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and
|
|
|
f332ec |
CS interface
|
|
|
f332ec |
- Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse
|
|
|
f332ec |
ASN.1 encoding/decoding is broken
|
|
|
f332ec |
- Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1
|
|
|
f332ec |
encoding/decoding is incomplete
|
|
|
f332ec |
- Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1
|
|
|
f332ec |
encoding/decoding is incomplete
|
|
|
f332ec |
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
|
|
|
f332ec |
policy extension to 5 only
|
|
|
f332ec |
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
|
|
|
f332ec |
interface
|
|
|
f332ec |
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
|
|
|
f332ec |
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
|
|
|
f332ec |
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
|
|
|
f332ec |
javadocs
|
|
|
f332ec |
- Bugzilla Bug #658188 - remove remaining references to tomcat5
|
|
|
f332ec |
- Bugzilla Bug #656733 - Standardize jar install location and jar names
|
|
|
f332ec |
- Bugzilla Bug #223319 - Certificate Status inconsistency between token
|
|
|
f332ec |
db and CA
|
|
|
f332ec |
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
|
|
|
f332ec |
During CRL Generation
|
|
|
f332ec |
- 'pki-java-tools'
|
|
|
f332ec |
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
|
|
|
f332ec |
empty packages
|
|
|
f332ec |
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
|
|
|
f332ec |
interface
|
|
|
f332ec |
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
|
|
|
f332ec |
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
|
|
|
f332ec |
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
|
|
|
f332ec |
javadocs
|
|
|
f332ec |
- Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to
|
|
|
f332ec |
5000 bytes
|
|
|
f332ec |
- Bugzilla Bug #656733 - Standardize jar install location and jar names
|
|
|
f332ec |
- 'pki-common'
|
|
|
f332ec |
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
|
|
|
f332ec |
- Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable
|
|
|
f332ec |
started before configuration completed
|
|
|
f332ec |
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
|
|
|
f332ec |
logs in the java subsystems
|
|
|
f332ec |
- Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5
|
|
|
f332ec |
policy mappings (seem hardcoded)
|
|
|
f332ec |
- Bugzilla Bug #224945 - javadocs has missing descriptions, contains
|
|
|
f332ec |
empty packages
|
|
|
f332ec |
- Bugzilla Bug #548699 - subCA's admin certificate should be generated by
|
|
|
f332ec |
itself
|
|
|
f332ec |
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
|
|
|
f332ec |
- Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile
|
|
|
f332ec |
caAgentServerCert (null cert_request)
|
|
|
f332ec |
- Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited
|
|
|
f332ec |
number of times
|
|
|
f332ec |
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
|
|
|
f332ec |
as part of CC interface review
|
|
|
f332ec |
- Bugzilla Bug #629677 - TPS: token enrollment fails.
|
|
|
f332ec |
- Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN
|
|
|
f332ec |
in a SCEP request
|
|
|
f332ec |
- Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection
|
|
|
f332ec |
pools not reliable - improve connections or discovery
|
|
|
f332ec |
- Bugzilla Bug #629769 - password decryption logs plain text password
|
|
|
f332ec |
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
|
|
|
f332ec |
CC - interface review
|
|
|
f332ec |
- Bugzilla Bug #632425 - Port to tomcat6
|
|
|
f332ec |
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
|
|
|
f332ec |
OCSP console for renewing SSL Server certificate.
|
|
|
f332ec |
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
|
|
|
f332ec |
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
|
|
|
f332ec |
senderNonce in all signed SCEP responses.
|
|
|
f332ec |
- Bugzilla Bug #607380 - CC: Make sure Java Console can configure all
|
|
|
f332ec |
security relevant config items
|
|
|
f332ec |
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
|
|
|
f332ec |
generated on TKS instead of TPS.
|
|
|
f332ec |
- Bugzilla Bug #489342 -
|
|
|
f332ec |
com.netscape.cms.servlet.common.CMCOutputTemplate.java
|
|
|
f332ec |
doesn't support EC
|
|
|
f332ec |
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
|
|
|
f332ec |
disable a CA that it serves
|
|
|
f332ec |
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
|
|
|
f332ec |
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
|
|
|
f332ec |
attack in SCEP
|
|
|
f332ec |
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
|
|
|
f332ec |
for signing SCEP response messages.
|
|
|
f332ec |
- Bugzilla Bug #635033 - At installation wizard selecting key types other
|
|
|
f332ec |
than CA's signing cert will fail
|
|
|
f332ec |
- Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated
|
|
|
f332ec |
for SCEP signing and encryption.
|
|
|
f332ec |
- Bugzilla Bug #223336 - ECC: unable to clone a ECC CA
|
|
|
f332ec |
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
|
|
|
f332ec |
by Reason Code - onlySomeReasons ?
|
|
|
f332ec |
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
|
|
|
f332ec |
verification functions (JAVA subsystems)
|
|
|
f332ec |
- Bugzilla Bug #223313 - should do random generated IV param
|
|
|
f332ec |
for symmetric keys
|
|
|
f332ec |
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
|
|
|
f332ec |
fowarding for agent services
|
|
|
f332ec |
- Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory
|
|
|
f332ec |
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
|
|
|
f332ec |
ECC curve names (not on key sizes).
|
|
|
f332ec |
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
|
|
|
f332ec |
Certificates from the Same Request
|
|
|
f332ec |
- Bugzilla Bug #648757 - expose and use updated cert verification
|
|
|
f332ec |
function in JSS
|
|
|
f332ec |
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
|
|
|
f332ec |
of signature algorithm; and for ECC curves
|
|
|
f332ec |
- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
|
|
|
f332ec |
e.c. support
|
|
|
f332ec |
- Bugzilla Bug #651040 - cloning shoud not include sslserver
|
|
|
f332ec |
- Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to
|
|
|
f332ec |
CS.cfg files imcomplete when the cert is stored on a hsm
|
|
|
f332ec |
- Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . .
|
|
|
f332ec |
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
|
|
|
f332ec |
to talk to CA and complete configuration in DonePanel
|
|
|
f332ec |
- Bugzilla Bug #642359 - CC Feature - need to verify certificate when it
|
|
|
f332ec |
is added
|
|
|
f332ec |
- Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires
|
|
|
f332ec |
auditing
|
|
|
f332ec |
- Bugzilla Bug #489385 - references to rhpki
|
|
|
f332ec |
- Bugzilla Bug #499494 - change CA defaults to SHA2
|
|
|
f332ec |
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
|
|
|
f332ec |
policy extension to 5 only
|
|
|
f332ec |
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
|
|
|
f332ec |
an administrator group.
|
|
|
f332ec |
- Bugzilla Bug #632425 - Port to tomcat6
|
|
|
f332ec |
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
|
|
|
f332ec |
interface
|
|
|
f332ec |
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
|
|
|
f332ec |
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
|
|
|
f332ec |
as expected
|
|
|
f332ec |
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
|
|
|
f332ec |
validity
|
|
|
f332ec |
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
|
|
|
f332ec |
- Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
|
|
|
f332ec |
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
|
|
|
f332ec |
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
|
|
|
f332ec |
- Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an
|
|
|
f332ec |
error to TPS even if certificate in question is already revoked.
|
|
|
f332ec |
- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
|
|
|
f332ec |
in the console
|
|
|
f332ec |
- Bugzilla Bug #661514 - CMAKE build system requires rules to make
|
|
|
f332ec |
javadocs
|
|
|
f332ec |
- Bugzilla Bug #658188 - remove remaining references to tomcat5
|
|
|
f332ec |
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
|
|
|
f332ec |
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
|
|
|
f332ec |
pkiCA, obsolete 2252 and 2256
|
|
|
f332ec |
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
|
|
|
f332ec |
- Bugzilla Bug #656733 - Standardize jar install location and jar names
|
|
|
f332ec |
- Bugzilla Bug #661142 - Verification should fail when
|
|
|
f332ec |
a revoked certificate is added
|
|
|
f332ec |
- Bugzilla Bug #642741 - CS build uses deprecated functions
|
|
|
f332ec |
- Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error
|
|
|
f332ec |
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
|
|
|
f332ec |
interface is no longer available through console
|
|
|
f332ec |
- 'pki-selinux'
|
|
|
f332ec |
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
|
|
|
f332ec |
interface
|
|
|
f332ec |
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
|
|
|
f332ec |
- Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer -
|
|
|
f332ec |
selinux changes
|
|
|
f332ec |
- 'pki-ca'
|
|
|
f332ec |
- Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
|
|
|
f332ec |
- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
|
|
|
f332ec |
logs in the java subsystems
|
|
|
f332ec |
- Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
|
|
|
f332ec |
- Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of
|
|
|
f332ec |
CC interface doc review
|
|
|
f332ec |
- Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with
|
|
|
f332ec |
admin privilege throws error "You are not authorized to perform this
|
|
|
f332ec |
operation".
|
|
|
f332ec |
- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
|
|
|
f332ec |
as part of CC interface review
|
|
|
f332ec |
- Bugzilla Bug #583823 - CC: Auditing issues found as result of
|
|
|
f332ec |
CC - interface review
|
|
|
f332ec |
- Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws
|
|
|
f332ec |
'Internal Server Error'.
|
|
|
f332ec |
- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
|
|
|
f332ec |
OCSP console for renewing SSL Server certificate.
|
|
|
f332ec |
- Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
|
|
|
f332ec |
- Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
|
|
|
f332ec |
senderNonce in all signed SCEP responses.
|
|
|
f332ec |
- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
|
|
|
f332ec |
generated on TKS instead of TPS.
|
|
|
f332ec |
- Bugzilla Bug #630121 - OCSP responder lacking option to delete or
|
|
|
f332ec |
disable a CA that it serves
|
|
|
f332ec |
- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
|
|
|
f332ec |
- Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
|
|
|
f332ec |
attack in SCEP
|
|
|
f332ec |
- Bugzilla Bug #621334 - Provide an option to set default hash algorithm
|
|
|
f332ec |
for signing SCEP response messages.
|
|
|
f332ec |
- Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
|
|
|
f332ec |
by Reason Code - onlySomeReasons ?
|
|
|
f332ec |
- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
|
|
|
f332ec |
verification functions (JAVA subsystems)
|
|
|
f332ec |
- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
|
|
|
f332ec |
fowarding for agent services
|
|
|
f332ec |
- Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
|
|
|
f332ec |
ECC curve names (not on key sizes).
|
|
|
f332ec |
- Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
|
|
|
f332ec |
Certificates from the Same Request
|
|
|
f332ec |
- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
|
|
|
f332ec |
of signature algorithm; and for ECC curves
|
|
|
f332ec |
- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA
|
|
|
f332ec |
release -- DRM and TKS do not seem to have CRL checking enabled
|
|
|
f332ec |
- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
|
|
|
f332ec |
correctly set up CC environment
|
|
|
f332ec |
- Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in
|
|
|
f332ec |
certificates (RFC 4262)
|
|
|
f332ec |
- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
|
|
|
f332ec |
to talk to CA and complete configuration in DonePanel
|
|
|
f332ec |
- Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object
|
|
|
f332ec |
signing support in RHCS
|
|
|
f332ec |
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
|
|
|
f332ec |
- Bugzilla Bug #489385 - references to rhpki
|
|
|
f332ec |
- Bugzilla Bug #499494 - change CA defaults to SHA2
|
|
|
f332ec |
- Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
|
|
|
f332ec |
policy extension to 5 only
|
|
|
f332ec |
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
|
|
|
f332ec |
an administrator group.
|
|
|
f332ec |
- Bugzilla Bug #632425 - Port to tomcat6
|
|
|
f332ec |
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
|
|
|
f332ec |
interface
|
|
|
f332ec |
- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
|
|
|
f332ec |
as expected
|
|
|
f332ec |
- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
|
|
|
f332ec |
validity
|
|
|
f332ec |
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
|
|
|
f332ec |
- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke
|
|
|
f332ec |
certs in TPS
|
|
|
f332ec |
- Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature
|
|
|
f332ec |
- Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
|
|
|
f332ec |
Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
|
|
|
f332ec |
- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
|
|
|
f332ec |
- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
|
|
|
f332ec |
pkiCA, obsolete 2252 and 2256
|
|
|
f332ec |
- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
|
|
|
f332ec |
repository
|
|
|
f332ec |
- Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
|
|
|
f332ec |
- Bugzilla Bug #656733 - Standardize jar install location and jar names
|
|
|
f332ec |
- Bugzilla Bug #661142 - Verification should fail when
|
|
|
f332ec |
a revoked certificate is added
|
|
|
f332ec |
- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key
|
|
|
f332ec |
usage
|
|
|
f332ec |
- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
|
|
|
f332ec |
interface is no longer available through console
|
|
|
f332ec |
- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
|
|
|
f332ec |
During CRL Generation
|
|
|
f332ec |
- 'pki-silent'
|
|
|
f332ec |
- Bugzilla Bug #627309 - pkisilent subca configuration fails.
|
|
|
f332ec |
- Bugzilla Bug #640091 - pkisilent panels need to match with changed java
|
|
|
f332ec |
subsystems
|
|
|
f332ec |
- Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM
|
|
|
f332ec |
Clone.
|
|
|
f332ec |
- Bugzilla Bug #643053 - pkisilent DRM configuration fails
|
|
|
f332ec |
- Bugzilla Bug #583754 - pki-silent needs an option to configure signing
|
|
|
f332ec |
algorithm for CA certificates
|
|
|
f332ec |
- Bugzilla Bug #489385 - references to rhpki
|
|
|
f332ec |
- Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
|
|
|
f332ec |
interface
|
|
|
f332ec |
- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
|
|
|
f332ec |
- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module
|
|
|
f332ec |
Panel up to before Security Domain Panel
|
|
|
f332ec |
- Bugzilla Bug #643206 - New CMake based build system for Dogtag
|
|
|
f332ec |
- Bugzilla Bug #588323 - Failed to enable cipher 0xc001
|
|
|
f332ec |
- Bugzilla Bug #656733 - Standardize jar install location and jar names
|
|
|
f332ec |
- Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves,
|
|
|
f332ec |
signing algorithm
|
|
|
f332ec |
- Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords
|
|
|
f332ec |
with special characters
|
|
|
f332ec |
- Bugzilla Bug #642741 - CS build uses deprecated functions
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Jan 13 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-3
|
|
|
f332ec |
- Bugzilla Bug #668839 - Review Request: pki-core
|
|
|
f332ec |
- Removed empty "pre" from "pki-ca"
|
|
|
f332ec |
- Consolidated directory ownership
|
|
|
f332ec |
- Corrected file ownership within subpackages
|
|
|
f332ec |
- Removed all versioning from NSS and NSPR packages
|
|
|
f332ec |
|
|
|
f332ec |
* Thu Jan 13 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-2
|
|
|
f332ec |
- Bugzilla Bug #668839 - Review Request: pki-core
|
|
|
f332ec |
- Added component versioning comments
|
|
|
f332ec |
- Updated JSS from "4.2.6-10" to "4.2.6-12"
|
|
|
f332ec |
- Modified installation section to preserve timestamps
|
|
|
f332ec |
- Removed sectional comments
|
|
|
f332ec |
|
|
|
f332ec |
* Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
|
|
|
f332ec |
- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)
|
|
|
f332ec |
|