diff --git a/.gitignore b/.gitignore
index 71256c5..2bb3dbc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/pki-10.9.0-a1.tar.gz
+SOURCES/pki-10.9.0-b2.tar.gz
diff --git a/.pki-core.metadata b/.pki-core.metadata
index ec73bba..0f8efb1 100644
--- a/.pki-core.metadata
+++ b/.pki-core.metadata
@@ -1 +1 @@
-7b88b43d6ab71715a8089422bee8392fdcddef1f SOURCES/pki-10.9.0-a1.tar.gz
+7a900dcf24422f7756649fbed42b6a033f9204b7 SOURCES/pki-10.9.0-b2.tar.gz
diff --git a/SOURCES/0002-acme-log-in-CAClient-when-submitting-certificate-req.patch b/SOURCES/0002-acme-log-in-CAClient-when-submitting-certificate-req.patch
deleted file mode 100644
index b5fe63d..0000000
--- a/SOURCES/0002-acme-log-in-CAClient-when-submitting-certificate-req.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From a589107d8362bed238f3cdf1662914665b705c0b Mon Sep 17 00:00:00 2001
-From: Fraser Tweedale <ftweedal@redhat.com>
-Date: Wed, 27 May 2020 16:55:05 +1000
-Subject: [PATCH 1/2] acme: log in CAClient when submitting certificate request
-
-It is possible to use a lower-privileged RA account to issue
-certificates, if the target profile is set up to allow it.
-Therefore log in the user before submitting the certificate request.
----
- base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
-index ecc074a5f..dd7fc3f85 100644
---- a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
-+++ b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
-@@ -123,6 +123,7 @@ public class PKIIssuer extends ACMEIssuer {
- AuthorityID aid = null;
- X500Name adn = null;
-
-+ caClient.login();
- CACertClient certClient = new CACertClient(caClient);
- CertEnrollmentRequest certEnrollmentRequest = certClient.getEnrollmentTemplate(profile);
-
---
-2.21.0
-
diff --git a/SOURCES/0003-acme-PKIIssuer-handle-immediate-issuance.patch b/SOURCES/0003-acme-PKIIssuer-handle-immediate-issuance.patch
deleted file mode 100644
index 2bc9068..0000000
--- a/SOURCES/0003-acme-PKIIssuer-handle-immediate-issuance.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From bd23745577a65c3f39ed1262a0e1f5ef80ffdb5f Mon Sep 17 00:00:00 2001
-From: Fraser Tweedale <ftweedal@redhat.com>
-Date: Wed, 27 May 2020 17:05:27 +1000
-Subject: [PATCH 2/2] acme: PKIIssuer: handle immediate issuance
-
-Depending on profile configuration and user privileges, the cert
-could be immediately issued. Furthermore the user may not have
-agent permissions to review/approve a request, but a profile
-configuration could allow immediate issuance for particular
-users/groups.
-
-Therefore we must detect when the certificate was immediately issued
-and if so, skip the review/approve behaviour.
----
- .../org/dogtagpki/acme/issuer/PKIIssuer.java | 16 ++++++++++------
- 1 file changed, 10 insertions(+), 6 deletions(-)
-
-diff --git a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
-index dd7fc3f85..c01be6f36 100644
---- a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
-+++ b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
-@@ -159,15 +159,19 @@ public class PKIIssuer extends ACMEIssuer {
- throw new Exception("Unable to generate certificate: " + error);
- }
-
-- CertReviewResponse reviewInfo = certClient.reviewRequest(requestId);
-- certClient.approveRequest(requestId, reviewInfo);
-+ CertId id = null;
-+ if (info.getRequestStatus() == RequestStatus.COMPLETE) {
-+ id = info.getCertId();
-+ } else {
-+ CertReviewResponse reviewInfo = certClient.reviewRequest(requestId);
-+ certClient.approveRequest(requestId, reviewInfo);
-
-- info = certClient.getRequest(requestId);
-- logger.info("Serial number: " + info.getCertId().toHexString());
-+ info = certClient.getRequest(requestId);
-+ id = info.getCertId();
-+ }
-
-- CertId id = info.getCertId();
-+ logger.info("Serial number: " + id.toHexString());
- BigInteger serialNumber = id.toBigInteger();
--
- return Base64.encodeBase64URLSafeString(serialNumber.toByteArray());
- }
-
---
-2.21.0
-
diff --git a/SPECS/pki-core.spec b/SPECS/pki-core.spec
index a5fa8e0..cf0485a 100644
--- a/SPECS/pki-core.spec
+++ b/SPECS/pki-core.spec
@@ -11,8 +11,8 @@ URL: http://www.dogtagpki.org/
License: GPLv2 and LGPLv2
Version: 10.9.0
-Release: 0.1%{?_timestamp}%{?_commit_id}%{?dist}
-%global _phase -a1
+Release: 0.4%{?_timestamp}%{?_commit_id}%{?dist}
+%global _phase -b2
# To create a tarball from a version tag:
# $ git archive \
@@ -29,8 +29,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
# > pki-VERSION-RELEASE.patch
# Patch: pki-VERSION-RELEASE.patch
Patch1: 0001-Removed-dependency-on-pytest-runner.patch
-Patch2: 0002-acme-log-in-CAClient-when-submitting-certificate-req.patch
-Patch3: 0003-acme-PKIIssuer-handle-immediate-issuance.patch
################################################################################
# NSS
@@ -161,7 +159,7 @@ BuildRequires: gcc-c++
BuildRequires: zip
BuildRequires: java-1.8.0-openjdk-devel
BuildRequires: redhat-rpm-config
-BuildRequires: ldapjdk >= 4.21.0
+BuildRequires: ldapjdk >= 4.22.0
BuildRequires: apache-commons-cli
BuildRequires: apache-commons-codec
BuildRequires: apache-commons-io
@@ -198,16 +196,9 @@ BuildRequires: resteasy-core >= 3.0.17-1
BuildRequires: resteasy-jackson2-provider >= 3.0.17-1
%endif
-%if 0%{?rhel}
-# no pylint
-%else
-BuildRequires: python3-pylint
-BuildRequires: python3-flake8 >= 2.5.4
-BuildRequires: python3-pyflakes >= 1.2.3
-%endif
-
BuildRequires: python3 >= 3.5
BuildRequires: python3-devel
+BuildRequires: python3-setuptools
BuildRequires: python3-cryptography
BuildRequires: python3-lxml
BuildRequires: python3-ldap
@@ -363,8 +354,8 @@ BuildArch: noarch
Requires: nss >= 3.36.1
-Requires: python3-pki = %{version}
-Requires(post): python3-pki = %{version}
+Requires: python3-pki = %{version}-%{release}
+Requires(post): python3-pki = %{version}-%{release}
# Ensure we end up with a useful installation
Conflicts: pki-symkey < %{version}
@@ -389,7 +380,7 @@ Provides: pki-base-python3 = %{version}
%{?python_provide:%python_provide python3-pki}
%endif
-Requires: pki-base = %{version}
+Requires: pki-base = %{version}-%{release}
Requires: python3 >= 3.5
Requires: python3-cryptography
Requires: python3-lxml
@@ -413,14 +404,15 @@ Requires: apache-commons-codec
Requires: apache-commons-io
Requires: apache-commons-lang
Requires: apache-commons-logging
+Requires: apache-commons-net
Requires: jakarta-commons-httpclient
Requires: glassfish-jaxb-api
Requires: slf4j
Requires: slf4j-jdk14
Requires: jpackage-utils >= 0:1.7.5-10
Requires: jss >= 4.7.0
-Requires: ldapjdk >= 4.21.0
-Requires: pki-base = %{version}
+Requires: ldapjdk >= 4.22.0
+Requires: pki-base = %{version}-%{release}
%if 0%{?rhel}
Requires: resteasy >= 3.0.26
@@ -449,7 +441,7 @@ Summary: PKI Tools Package
Requires: openldap-clients
Requires: nss-tools >= 3.36.1
-Requires: pki-base-java = %{version}
+Requires: pki-base-java = %{version}-%{release}
Requires: p11-kit-trust
# PKICertImport depends on certutil and openssl
@@ -478,8 +470,8 @@ Requires: policycoreutils
Requires: procps-ng
Requires: openldap-clients
Requires: openssl
-Requires: pki-symkey = %{version}
-Requires: pki-tools = %{version}
+Requires: pki-symkey = %{version}-%{release}
+Requires: pki-tools = %{version}-%{release}
Requires: keyutils
@@ -547,7 +539,7 @@ following PKI subsystems:
Summary: PKI CA Package
BuildArch: noarch
-Requires: pki-server = %{version}
+Requires: pki-server = %{version}-%{release}
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
@@ -572,7 +564,7 @@ where it obtains its own signing certificate from a public CA.
Summary: PKI KRA Package
BuildArch: noarch
-Requires: pki-server = %{version}
+Requires: pki-server = %{version}-%{release}
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
@@ -895,32 +887,6 @@ ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxr
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar
-%if 0%{?rhel}
-# no pylint
-%else
-
-################################################################################
-echo "Scanning Python code with pylint"
-################################################################################
-
-%{python_executable} -I ../tools/pylint-build-scan.py rpm --prefix %{buildroot}
-if [ $? -ne 0 ]; then
- echo "pylint for Python 3 failed. RC: $?"
- exit 1
-fi
-
-################################################################################
-echo "Scanning Python code with flake8"
-################################################################################
-
-python3-flake8 --config ../tox.ini %{buildroot}
-if [ $? -ne 0 ]; then
- echo "flake8 for Python 3 failed. RC: $?"
- exit 1
-fi
-
-%endif
-
# with server
%endif
@@ -1350,6 +1316,12 @@ fi
################################################################################
%changelog
+* Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.0-0.4
+- Rebased to PKI 10.9.0-b2
+
+* Mon Jun 22 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.0-0.3
+- Rebased to PKI 10.9.0-b1
+
* Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.0-0.1
- Rebased to PKI 10.9.0-a1