diff --git a/.gitignore b/.gitignore index 68b832b..ccadde6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/pki-10.7.1.tar.gz +SOURCES/pki-10.8.0-b2.tar.gz diff --git a/.pki-core.metadata b/.pki-core.metadata index 976f6f6..97ae103 100644 --- a/.pki-core.metadata +++ b/.pki-core.metadata @@ -1 +1 @@ -06d1fc23b21fe71bdf2594bfdcadaa2539b68351 SOURCES/pki-10.7.1.tar.gz +b148d7365729841fc756157d33ee2bd57cbc6cf2 SOURCES/pki-10.8.0-b2.tar.gz diff --git a/SOURCES/0001-Fixed-TPS-installation-issue.patch b/SOURCES/0001-Fixed-TPS-installation-issue.patch deleted file mode 100644 index 82656dc..0000000 --- a/SOURCES/0001-Fixed-TPS-installation-issue.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 2f8adb82218a30abc2a7434974f69e56d92d2649 Mon Sep 17 00:00:00 2001 -From: "Endi S. Dewata" -Date: Thu, 13 Jun 2019 16:09:54 -0500 -Subject: [PATCH] Fixed TPS installation issue - -The TPSConfigurator.setupAdmin() has been modified to call the -parent method first to create the admin user. ---- - base/tps/src/org/dogtagpki/server/tps/TPSConfigurator.java | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSConfigurator.java b/base/tps/src/org/dogtagpki/server/tps/TPSConfigurator.java -index b9fc43f9c..32714e9f0 100644 ---- a/base/tps/src/org/dogtagpki/server/tps/TPSConfigurator.java -+++ b/base/tps/src/org/dogtagpki/server/tps/TPSConfigurator.java -@@ -152,6 +152,8 @@ public class TPSConfigurator extends Configurator { - @Override - public void setupAdmin(AdminSetupRequest request, AdminSetupResponse response) throws Exception { - -+ super.setupAdmin(request, response); -+ - logger.debug("Adding all profiles to TPS admin user"); - - CMSEngine engine = CMS.getCMSEngine(); --- -2.20.1 - diff --git a/SOURCES/0001-Fixed-cloning-issue.patch b/SOURCES/0001-Fixed-cloning-issue.patch deleted file mode 100644 index 946a8db..0000000 --- a/SOURCES/0001-Fixed-cloning-issue.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 1ea28de6409c624b6588987855f97d50c18f3ade Mon Sep 17 00:00:00 2001 -From: "Endi S. Dewata" -Date: Thu, 13 Jun 2019 13:21:20 -0500 -Subject: [PATCH] Fixed cloning issue - -The setupReplication and reindexData fields have been removed -from ConfigurationRequest so they should not be set anymore -in set_cloning_parameters(). ---- - base/server/python/pki/server/deployment/pkihelper.py | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py -index 9d75893ff..4bc224aff 100644 ---- a/base/server/python/pki/server/deployment/pkihelper.py -+++ b/base/server/python/pki/server/deployment/pkihelper.py -@@ -3429,8 +3429,6 @@ class ConfigClient: - if self.mdict['pki_clone_replication_clone_port']: - data.cloneReplicationPort = \ - self.mdict['pki_clone_replication_clone_port'] -- data.setupReplication = self.mdict['pki_clone_setup_replication'] -- data.reindexData = self.mdict['pki_clone_reindex_data'] - - def set_hierarchy_parameters(self, data): - if self.subsystem == "CA": --- -2.20.1 - diff --git a/SPECS/pki-core.spec b/SPECS/pki-core.spec index 89cef84..41b6a29 100644 --- a/SPECS/pki-core.spec +++ b/SPECS/pki-core.spec @@ -2,17 +2,17 @@ Name: pki-core ################################################################################ -%global vendor redhat +%global vendor_id redhat %global brand Red Hat -Summary: PKI Core Package +Summary: %{brand} PKI Core Package URL: http://www.dogtagpki.org/ # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 -Version: 10.7.1 -Release: 2%{?_timestamp}%{?_commit_id}%{?dist} -# global _phase -a1 +Version: 10.8.0 +Release: 0.4%{?_timestamp}%{?_commit_id}%{?dist} +%global _phase -b2 # To create a tarball from a version tag: # $ git archive \ @@ -28,8 +28,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # \ # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch -Patch1: 0001-Fixed-cloning-issue.patch -Patch2: 0001-Fixed-TPS-installation-issue.patch ################################################################################ # NSS @@ -141,14 +139,19 @@ Patch2: 0001-Fixed-TPS-installation-issue.patch %if ! %{with debug} %define debug_package %{nil} -%endif # with debug + +# with debug +%endif # ignore unpackaged files from native 'tpsclient' # REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app %define _unpackaged_files_terminate_build 0 -# pkiuser and group. The uid and gid are preallocated -# see /usr/share/doc/setup/uidgid +# The PKI UID and GID are preallocated, see: +# https://bugzilla.redhat.com/show_bug.cgi?id=476316 +# https://bugzilla.redhat.com/show_bug.cgi?id=476782 +# https://pagure.io/setup/blob/master/f/uidgid +# /usr/share/doc/setup/uidgid %define pki_username pkiuser %define pki_uid 17 %define pki_groupname pkiuser @@ -261,7 +264,9 @@ BuildRequires: python2-flake8 >= 2.5.4 BuildRequires: python2-pyflakes >= 1.2.3 %endif %endif -%endif # with_python2 + +# with_python2 +%endif %if 0%{?with_python3} %if 0%{?rhel} @@ -271,7 +276,9 @@ BuildRequires: python3-pylint BuildRequires: python3-flake8 >= 2.5.4 BuildRequires: python3-pyflakes >= 1.2.3 %endif -%endif # with_python3 + +# with_python3 +%endif %if 0%{?with_python2} BuildRequires: python2 @@ -297,7 +304,9 @@ BuildRequires: python2-ldap %else BuildRequires: policycoreutils-python-utils %endif -%endif # with_python2 + +# with_python2 +%endif %if 0%{?with_python3} BuildRequires: python3 @@ -314,7 +323,9 @@ BuildRequires: python3-libselinux BuildRequires: python3-nss BuildRequires: python3-requests >= 2.6.0 BuildRequires: python3-six -%endif # with_python3 + +# with_python3 +%endif BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 @@ -322,7 +333,7 @@ BuildRequires: jpackage-utils >= 0:1.7.5-10 BuildRequires: jss >= 4.4.0-11 BuildRequires: tomcatjss >= 7.2.1-4 %else -BuildRequires: jss >= 4.6.0 +BuildRequires: jss >= 4.6.0-4 BuildRequires: tomcatjss >= 7.4.1 %endif BuildRequires: systemd-units @@ -357,14 +368,18 @@ BuildRequires: zlib BuildRequires: zlib-devel # build dependency to build man pages +%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel} BuildRequires: go-md2man +%else +BuildRequires: golang-github-cpuguy83-md2man +%endif # PKICertImport depends on certutil and openssl BuildRequires: nss-tools BuildRequires: openssl # description for top-level package (if there is a separate meta package) -%if "%{name}" != "%{vendor}-pki" +%if "%{name}" != "%{vendor_id}-pki" %description %{brand} PKI is an enterprise software system designed @@ -381,9 +396,9 @@ PKI consists of the following components: %endif %if %{with meta} -%if "%{name}" != "%{vendor}-pki" +%if "%{name}" != "%{vendor_id}-pki" ################################################################################ -%package -n %{vendor}-pki +%package -n %{vendor_id}-pki ################################################################################ Summary: %{brand} PKI Package @@ -391,8 +406,8 @@ Summary: %{brand} PKI Package # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI theme packages -Requires: %{vendor}-pki-server-theme = %{version} -Requires: %{vendor}-pki-console-theme = %{version} +Requires: %{vendor_id}-pki-server-theme = %{version} +Requires: %{vendor_id}-pki-console-theme = %{version} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI core packages @@ -416,10 +431,10 @@ Requires: esc >= 1.1.1 %endif # description for top-level package (unless there is a separate meta package) -%if "%{name}" == "%{vendor}-pki" +%if "%{name}" == "%{vendor_id}-pki" %description %else -%description -n %{vendor}-pki +%description -n %{vendor_id}-pki %endif %{brand} PKI is an enterprise software system designed @@ -433,7 +448,8 @@ PKI consists of the following components: * Token Key Service (TKS) * Token Processing Service (TPS) -%endif # with meta +# with meta +%endif %if %{with base} ################################################################################ @@ -447,7 +463,7 @@ Requires: jpackage-utils >= 0:1.7.5-10 %if 0%{?rhel} && 0%{?rhel} <= 7 Requires: jss >= 4.4.0-11 %else -Requires: jss >= 4.6.0 +Requires: jss >= 4.6.0-4 %endif Requires: nss >= 3.38.0 @@ -469,13 +485,16 @@ Summary: PKI Base Package BuildArch: noarch Requires: nss >= 3.36.1 + %if 0%{?with_python3_default} Requires: python3-pki = %{version} Requires(post): python3-pki = %{version} %else Requires: python2-pki = %{version} Requires(post): python2-pki = %{version} -%endif # with_python3_default + +# with_python3_default +%endif # Ensure we end up with a useful installation Conflicts: pki-symkey < %{version} @@ -516,7 +535,8 @@ Requires: python2-six %description -n python2-pki This package contains PKI client library for Python 2. -%endif # with_python2 +# with_python2 +%endif %if 0%{?with_python3} ################################################################################ @@ -542,7 +562,8 @@ Requires: python3-six %description -n python3-pki This package contains PKI client library for Python 3. -%endif # with_python3 for python3-pki +# with_python3 for python3-pki +%endif ################################################################################ %package -n pki-base-java @@ -569,7 +590,7 @@ Requires: jpackage-utils >= 0:1.7.5-10 %if 0%{?rhel} && 0%{?rhel} <= 7 Requires: jss >= 4.4.0-11 %else -Requires: jss >= 4.6.0 +Requires: jss >= 4.6.0-4 %endif Requires: ldapjdk >= 4.21.0 Requires: pki-base = %{version} @@ -614,6 +635,7 @@ Summary: PKI Tools Package Requires: openldap-clients Requires: nss-tools >= 3.36.1 Requires: pki-base-java = %{version} +Requires: p11-kit-trust # PKICertImport depends on certutil and openssl Requires: nss-tools @@ -623,7 +645,8 @@ Requires: openssl This package contains PKI executables that can be used to help make Certificate System into a more complete and robust PKI solution. -%endif # with base +# with base +%endif %if %{with server} ################################################################################ @@ -676,7 +699,9 @@ Requires: python2-lxml Requires: python2-libselinux Requires: python2-policycoreutils %endif -%endif # with_python3_default + +# with_python3_default +%endif Requires: selinux-policy-targeted >= 3.13.1-159 @@ -726,7 +751,8 @@ following PKI subsystems: the Token Key Service (TKS), and the Token Processing Service (TPS). -%endif # with server +# with server +%endif %if %{with ca} ################################################################################ @@ -750,7 +776,8 @@ The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. -%endif # with ca +# with ca +%endif %if %{with kra} ################################################################################ @@ -780,7 +807,8 @@ protection of the public encryption keys for the users in the PKI deployment. Note that the KRA archives encryption keys; it does NOT archive signing keys, since such archival would undermine non-repudiation properties of signing keys. -%endif # with kra +# with kra +%endif %if %{with ocsp} ################################################################################ @@ -817,7 +845,8 @@ When an instance of OCSP Manager is set up with an instance of CA, and publishing is set up to this OCSP Manager, CRLs are published to it whenever they are issued or updated. -%endif # with ocsp +# with ocsp +%endif %if %{with tks} ################################################################################ @@ -848,7 +877,8 @@ TKS. Tokens with older keys will get new token keys. Because of the sensitivity of the data that TKS manages, TKS should be set up behind the firewall with restricted access. -%endif # with tks +# with tks +%endif %if %{with tps} ################################################################################ @@ -888,7 +918,8 @@ The utility "tpsclient" is a test tool that interacts with TPS. This tool is useful to test TPS server configs without risking an actual smart card. -%endif # with tps +# with tps +%endif %if %{with javadoc} ################################################################################ @@ -907,7 +938,8 @@ Conflicts: pki-console-theme < %{version} %description -n pki-javadoc This package contains PKI API documentation. -%endif # with javadoc +# with javadoc +%endif %if %{with console} ################################################################################ @@ -926,11 +958,12 @@ Requires: pki-console-theme = %{version} %description -n pki-console The PKI Console is a Java application used to administer PKI server. -%endif # with console +# with console +%endif %if %{with theme} ################################################################################ -%package -n %{vendor}-pki-server-theme +%package -n %{vendor_id}-pki-server-theme ################################################################################ Summary: %{brand} PKI Server Theme Package @@ -944,12 +977,12 @@ Conflicts: pki-symkey < %{version} Conflicts: pki-console-theme < %{version} Conflicts: pki-javadoc < %{version} -%description -n %{vendor}-pki-server-theme +%description -n %{vendor_id}-pki-server-theme This PKI Server Theme Package contains %{brand} textual and graphical user interface for PKI Server. ################################################################################ -%package -n %{vendor}-pki-console-theme +%package -n %{vendor_id}-pki-console-theme ################################################################################ Summary: %{brand} PKI Console Theme Package @@ -963,11 +996,12 @@ Conflicts: pki-symkey < %{version} Conflicts: pki-server-theme < %{version} Conflicts: pki-javadoc < %{version} -%description -n %{vendor}-pki-console-theme +%description -n %{vendor_id}-pki-console-theme This PKI Console Theme Package contains %{brand} textual and graphical user interface for PKI Console. -%endif # with theme +# with theme +%endif ################################################################################ %prep @@ -994,6 +1028,7 @@ cd build --no-warn-unused-cli \ -DVERSION=%{version}-%{release} \ -DVAR_INSTALL_DIR:PATH=/var \ + -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ -DJAVA_HOME=%{java_home} \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ @@ -1014,7 +1049,7 @@ cd build %endif -DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \ -DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \ - -DTHEME=%{?with_theme:%{vendor}} \ + -DTHEME=%{?with_theme:%{vendor_id}} \ .. ################################################################################ @@ -1043,7 +1078,9 @@ cat > %{buildroot}%{_datadir}/doc/pki/README << EOF This package is a "meta-package" whose dependencies pull in all of the packages comprising the %{brand} Public Key Infrastructure (PKI) Suite. EOF -%endif # with meta + +# with meta +%endif # Customize system upgrade scripts in /usr/share/pki/upgrade %if 0%{?rhel} && 0%{?rhel} <= 7 @@ -1074,20 +1111,20 @@ EOF %if 0%{?rhel} && 0%{?rhel} <= 7 # merge newer upgrade scripts into 10.3.3 for RHEL -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5/01-FixServerLibrary \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.3.3/02-FixServerLibrary -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5/02-FixDeploymentDescriptor \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.3.3/03-FixDeploymentDescriptor +mv %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5/01-FixServerLibrary.py \ + %{buildroot}%{_datadir}/pki/server/upgrade/10.3.3/02-FixServerLibrary.py +mv %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5/02-FixDeploymentDescriptor.py \ + %{buildroot}%{_datadir}/pki/server/upgrade/10.3.3/03-FixDeploymentDescriptor.py /bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.3.4 /bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5 # merge newer upgrade scripts into 10.4.1 for RHEL -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2/01-AddSessionAuthenticationPlugin \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/01-AddSessionAuthenticationPlugin -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2/02-AddKRAWrappingParams \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/02-AddKRAWrappingParams -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.6/01-UpdateKeepAliveTimeout \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/03-UpdateKeepAliveTimeout +mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2/01-AddSessionAuthenticationPlugin.py \ + %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/01-AddSessionAuthenticationPlugin.py +mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2/02-AddKRAWrappingParams.py \ + %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/02-AddKRAWrappingParams.py +mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.6/01-UpdateKeepAliveTimeout.py \ + %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/03-UpdateKeepAliveTimeout.py /bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2 /bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.3 /bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.4 @@ -1095,8 +1132,8 @@ mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.6/01-UpdateKeepAliveTimeout \ /bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.6 # merge newer upgrade script into 10.5.1 for RHEL -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.5.5/01-AddTPSExternalRegISEtokenParams \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.5.1/01-AddTPSExternalRegISEtokenParams +mv %{buildroot}%{_datadir}/pki/server/upgrade/10.5.5/01-AddTPSExternalRegISEtokenParams.py \ + %{buildroot}%{_datadir}/pki/server/upgrade/10.5.1/01-AddTPSExternalRegISEtokenParams.py /bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.5.5 @@ -1160,7 +1197,9 @@ if [ $? -ne 0 ]; then echo "pylint for Python 2 with --py3k failed. RC: $?" exit 1 fi -%endif # with_python3_default + +# with_python3_default +%endif ################################################################################ echo "Scanning Python code with flake8" @@ -1172,7 +1211,9 @@ if [ $? -ne 0 ]; then echo "flake8 for Python 2 failed. RC: $?" exit 1 fi -%endif # with_python2 + +# with_python2 +%endif %if 0%{?with_python3} python3-flake8 --config ../tox.ini %{buildroot} @@ -1180,59 +1221,26 @@ if [ $? -ne 0 ]; then echo "flake8 for Python 3 failed. RC: $?" exit 1 fi -%endif # with_python3 +# with_python3 %endif -%endif # with server - -%if %{with base} +%endif -%if 0%{?rhel} && 0%{?rhel} <= 7 -# no upgrade check -%else -%pretrans -n pki-base -p -function test(a) - if posix.stat(a) then - for f in posix.files(a) do - if f~=".." and f~="." then - return true - end - end - end - return false -end - -if (test("/etc/sysconfig/pki/ca") or - test("/etc/sysconfig/pki/kra") or - test("/etc/sysconfig/pki/ocsp") or - test("/etc/sysconfig/pki/tks")) then - msg = "Unable to upgrade to Fedora 20. There are PKI 9 instances\n" .. - "that will no longer work since they require Tomcat 6, and \n" .. - "Tomcat 6 is no longer available in Fedora 20.\n\n" .. - "Please follow these instructions to migrate the instances to \n" .. - "PKI 10:\n\n" .. - "http://www.dogtagpki.org/wiki/Migrating_PKI_9_Instances_to_PKI_10" - error(msg) -end -%endif - -%endif # with base +# with server +%endif %if %{with server} %pre -n pki-server getent group %{pki_groupname} >/dev/null || groupadd -f -g %{pki_gid} -r %{pki_groupname} if ! getent passwd %{pki_username} >/dev/null ; then - if ! getent passwd %{pki_uid} >/dev/null ; then - useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username} - else - useradd -r -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username} - fi + useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username} fi exit 0 -%endif # with server +# with server +%endif %if %{with base} @@ -1258,7 +1266,8 @@ then rm -f %{_sysconfdir}/pki/pki.version fi -%endif # with base +# with base +%endif %if %{with server} @@ -1267,8 +1276,8 @@ fi ## from EITHER 'sysVinit' OR previous 'systemd' processes to the new ## PKI deployment process -echo "Upgrading PKI server configuration at `/bin/date`." >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 -/sbin/pki-server-upgrade --silent >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 +echo "Upgrading PKI server configuration on `/bin/date`." >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 +/sbin/pki-server upgrade --silent >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 # Reload systemd daemons on upgrade only @@ -1288,12 +1297,13 @@ fi ## from EITHER 'sysVinit' OR previous 'systemd' processes to the new ## PKI deployment process -%endif # with server +# with server +%endif %if %{with meta} -%if "%{name}" != "%{vendor}-pki" +%if "%{name}" != "%{vendor_id}-pki" ################################################################################ -%files -n %{vendor}-pki +%files -n %{vendor_id}-pki ################################################################################ %else %files @@ -1301,7 +1311,8 @@ fi %doc %{_datadir}/doc/pki/README -%endif # with meta +# with meta +%endif %if %{with base} ################################################################################ @@ -1321,9 +1332,11 @@ fi %doc %{_datadir}/doc/pki-base/html %dir %{_datadir}/pki %{_datadir}/pki/VERSION +%{_datadir}/pki/pom.xml %dir %{_datadir}/pki/etc %{_datadir}/pki/etc/pki.conf %{_datadir}/pki/etc/logging.properties +%dir %{_datadir}/pki/lib %dir %{_datadir}/pki/scripts %{_datadir}/pki/scripts/config %{_datadir}/pki/upgrade/ @@ -1347,7 +1360,9 @@ fi %exclude %{python2_sitelib}/pki/server %endif %{python2_sitelib}/pki -%endif # with_python2 + +# with_python2 +%endif ################################################################################ %files -n pki-base-java @@ -1356,7 +1371,7 @@ fi %doc base/common/LICENSE %doc base/common/LICENSE.LESSER %{_datadir}/pki/examples/java/ -%{_datadir}/pki/lib/ +%{_datadir}/pki/lib/*.jar %dir %{_javadir}/pki %{_javadir}/pki/pki-cmsutil.jar %{_javadir}/pki/pki-nsutil.jar @@ -1373,15 +1388,18 @@ fi %exclude %{python3_sitelib}/pki/server %endif %{python3_sitelib}/pki -%endif # with_python3 + +# with_python3 +%endif ################################################################################ %files -n pki-tools ################################################################################ %doc base/native-tools/LICENSE base/native-tools/doc/README -%{_bindir}/pki %{_bindir}/p7tool +%{_bindir}/pistool +%{_bindir}/pki %{_bindir}/revoker %{_bindir}/setpin %{_bindir}/sslget @@ -1412,6 +1430,7 @@ fi %{_bindir}/TokenInfo %{_javadir}/pki/pki-tools.jar %{_datadir}/pki/java-tools/ +%{_datadir}/pki/lib/p11-kit-trust.so %{_mandir}/man1/AtoB.1.gz %{_mandir}/man1/AuditVerify.1.gz %{_mandir}/man1/BtoA.1.gz @@ -1443,7 +1462,8 @@ fi %{_mandir}/man1/PKCS10Client.1.gz %{_mandir}/man1/PKICertImport.1.gz -%endif # with base +# with base +%endif %if %{with server} ################################################################################ @@ -1463,7 +1483,9 @@ fi %{python3_sitelib}/pki/server/ %else %{python2_sitelib}/pki/server/ -%endif # with_python3_default + +# with_python3_default +%endif %{_datadir}/pki/etc/tomcat.conf %dir %{_datadir}/pki/deployment @@ -1479,7 +1501,6 @@ fi %attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target %{_javadir}/pki/pki-cms.jar %{_javadir}/pki/pki-cmsbundle.jar -%{_javadir}/pki/pki-cmscore.jar %{_javadir}/pki/pki-tomcat.jar %dir %{_sharedstatedir}/pki %{_mandir}/man1/pkidaemon.1.gz @@ -1501,8 +1522,11 @@ fi %{_mandir}/man8/pki-server-tps.8.gz %{_datadir}/pki/setup/ %{_datadir}/pki/server/ +%{_datadir}/pki/acme/ +%{_javadir}/pki/pki-acme.jar -%endif # with server +# with server +%endif %if %{with ca} ################################################################################ @@ -1514,12 +1538,12 @@ fi %dir %{_datadir}/pki/ca %{_datadir}/pki/ca/conf/ %{_datadir}/pki/ca/emails/ -%dir %{_datadir}/pki/ca/profiles -%{_datadir}/pki/ca/profiles/ca/ +%{_datadir}/pki/ca/profiles/ %{_datadir}/pki/ca/setup/ %{_datadir}/pki/ca/webapps/ -%endif # with ca +# with ca +%endif %if %{with kra} ################################################################################ @@ -1533,7 +1557,8 @@ fi %{_datadir}/pki/kra/setup/ %{_datadir}/pki/kra/webapps/ -%endif # with kra +# with kra +%endif %if %{with ocsp} ################################################################################ @@ -1547,7 +1572,8 @@ fi %{_datadir}/pki/ocsp/setup/ %{_datadir}/pki/ocsp/webapps/ -%endif # with ocsp +# with ocsp +%endif %if %{with tks} ################################################################################ @@ -1561,7 +1587,8 @@ fi %{_datadir}/pki/tks/setup/ %{_datadir}/pki/tks/webapps/ -%endif # with tks +# with tks +%endif %if %{with tps} ################################################################################ @@ -1586,7 +1613,8 @@ fi %{_libdir}/tps/libtps.so %{_libdir}/tps/libtokendb.so -%endif # with tps +# with tps +%endif %if %{with javadoc} ################################################################################ @@ -1595,7 +1623,8 @@ fi %{_javadocdir}/pki-%{version}/ -%endif # with javadoc +# with javadoc +%endif %if %{with console} ################################################################################ @@ -1606,14 +1635,15 @@ fi %{_bindir}/pkiconsole %{_javadir}/pki/pki-console.jar -%endif # with console +# with console +%endif %if %{with theme} ################################################################################ -%files -n %{vendor}-pki-server-theme +%files -n %{vendor_id}-pki-server-theme ################################################################################ -%doc themes/%{vendor}/common-ui/LICENSE +%doc themes/%{vendor_id}/common-ui/LICENSE %dir %{_datadir}/pki %{_datadir}/pki/CS_SERVER_VERSION %{_datadir}/pki/common-ui/ @@ -1628,116 +1658,141 @@ fi %{_datadir}/pki/server/webapps/pki/tks ################################################################################ -%files -n %{vendor}-pki-console-theme +%files -n %{vendor_id}-pki-console-theme ################################################################################ -%doc themes/%{vendor}/console-ui/LICENSE +%doc themes/%{vendor_id}/console-ui/LICENSE %{_javadir}/pki/pki-console-theme.jar -%endif # with theme +# with theme +%endif ################################################################################ %changelog -* Thu Jun 13 2019 Red Hat PKI Team - 10.7.1-2 +* Fri Dec 13 2019 Red Hat PKI Team 10.8.0-0.4 +- Rebased to PKI 10.8.0-b2 + +* Wed Dec 11 2019 Red Hat PKI Team 10.8.0-0.3 +- Rebased to PKI 10.8.0-b1 + +* Fri Nov 22 2019 Red Hat PKI Team 10.8.0-0.2 +- Rebased to PKI 10.8.0-a2 + +* Thu Oct 31 2019 Red Hat PKI Team 10.8.0-0.1 +- Rebased to PKI 10.8.0-a1 + +* Wed Aug 14 2019 Red Hat PKI Team 10.7.3-1 +- Rebased to PKI 10.7.3 +- Bug #1698084 - pkidestroy not working as expected +- Bug #1468050 and Bug #1448235 - Support AES for LWCA key replication + +* Tue Jul 23 2019 Red Hat PKI Team 10.7.2-1 +- Rebased to PKI 10.7.2 +- Bug #1721340 - TPS installation failure +- Bug #1248216 - Incorrect pkidaemon status +- Bug #1729215 - cert-fix: detect and prevent pkidbuser being used as --agent-uid +- Bug #1698059 - pki-core implements crypto + +* Thu Jun 13 2019 Red Hat PKI Team 10.7.1-2 - Fixed cloning issue - Fixed TPS installation issue -* Wed Jun 12 2019 Red Hat PKI Team - 10.7.1-1 +* Wed Jun 12 2019 Red Hat PKI Team 10.7.1-1 - Rebased to PKI 10.7.1 -* Wed Apr 24 2019 Red Hat PKI Team - 10.7.0-1 +* Wed Apr 24 2019 Red Hat PKI Team 10.7.0-1 - Rebased to PKI 10.7.0 -* Mon Jan 28 2019 Red Hat PKI Team - 10.6.9-2 +* Mon Jan 28 2019 Red Hat PKI Team 10.6.9-2 - Bug #1652269 - Replace Nuxwdog -* Mon Jan 14 2019 Red Hat PKI Team - 10.6.9-1 +* Mon Jan 14 2019 Red Hat PKI Team 10.6.9-1 - Rebased to PKI 10.6.9 - Bug #1629048 - X500Name.directoryStringEncodingOrder overridden by CSR encoding - Bug #1652269 - Replace Nuxwdog - Bug #1656856 - Need Method to Include SKI in CA Signing Certificate Request -* Thu Nov 29 2018 Red Hat PKI Team - 10.6.8-1 +* Thu Nov 29 2018 Red Hat PKI Team 10.6.8-1 - Rebased to PKI 10.6.8 - Bug #1602659 - Fix issues found by covscan - Bug #1566360 - Fix missing serial number from pki-server subsystem-cert-find -* Fri Oct 26 2018 Red Hat PKI Team - 10.6.7-3 +* Fri Oct 26 2018 Red Hat PKI Team 10.6.7-3 - Bug #1643101 - Fix problems due to token normalization -* Tue Oct 23 2018 Red Hat PKI Team - 10.6.7-2 +* Tue Oct 23 2018 Red Hat PKI Team 10.6.7-2 - Bug #1623444 - Fix Python KeyClient KeyRequestResponse parsing -* Fri Oct 05 2018 Red Hat PKI Team - 10.6.7-1 +* Fri Oct 05 2018 Red Hat PKI Team 10.6.7-1 - Rebased to PKI 10.6.7 -* Fri Aug 24 2018 Alexander Bokovoy - 10.6.6-3 +* Fri Aug 24 2018 Alexander Bokovoy 10.6.6-3 - Build on s390x -* Wed Aug 22 2018 Alexander Bokovoy - 10.6.6-2 +* Wed Aug 22 2018 Alexander Bokovoy 10.6.6-2 - Use platform-python interpreter - Bug #1620066 - pkispawn crashes as /usr/bin/python3 does not exist -* Mon Aug 13 2018 Red Hat PKI Team - 10.6.6-1 +* Mon Aug 13 2018 Red Hat PKI Team 10.6.6-1 - Rebased to PKI 10.6.6 -* Wed Aug 08 2018 Red Hat PKI Team - 10.6.5-1 +* Wed Aug 08 2018 Red Hat PKI Team 10.6.5-1 - Rebased to PKI 10.6.5 * Tue Aug 07 2018 Red Hat PKI Team 10.6.4-4 - Bug #1612063 - Do not override system crypto policy (support TLS 1.3) -* Wed Aug 01 2018 Red Hat PKI Team - 10.6.4-3 +* Wed Aug 01 2018 Red Hat PKI Team 10.6.4-3 - Patch PKI to use Jackson 2 and avoid Jackson 1 dependency. Add direct dependency on slf4j-jdk14. -* Tue Jul 31 2018 Red Hat PKI Team - 10.6.4-2 +* Tue Jul 31 2018 Red Hat PKI Team 10.6.4-2 - Updated Jackson and RESTEasy dependencies -* Fri Jul 20 2018 Red Hat PKI Team - 10.6.4-1 +* Fri Jul 20 2018 Red Hat PKI Team 10.6.4-1 - Rebased to PKI 10.6.4 -* Thu Jul 05 2018 Red Hat PKI Team - 10.6.3-1 +* Thu Jul 05 2018 Red Hat PKI Team 10.6.3-1 - Rebased to PKI 10.6.3 -* Mon Jul 02 2018 Miro Hrončok - 10.6.2-4 +* Mon Jul 02 2018 Miro Hrončok 10.6.2-4 - Rebuilt for Python 3.7 -* Thu Jun 28 2018 Red Hat PKI Team - 10.6.2-3 +* Thu Jun 28 2018 Red Hat PKI Team 10.6.2-3 - Fixed macro expressions - Bug #1566606 - pki-core: Switch to Python 3 - Bug #1590467 - pki-core: Drop pylint dependency from RHEL 8 -* Tue Jun 19 2018 Miro Hrončok - 10.6.2-2 +* Tue Jun 19 2018 Miro Hrončok 10.6.2-2 - Rebuilt for Python 3.7 -* Fri Jun 15 2018 Red Hat PKI Team - 10.6.2-1 +* Fri Jun 15 2018 Red Hat PKI Team 10.6.2-1 - Rebased to PKI 10.6.2 -* Wed May 30 2018 Red Hat PKI Team - 10.6.1-3 +* Wed May 30 2018 Red Hat PKI Team 10.6.1-3 - Updated JSS dependency - Updated Tomcat dependency - Fixed rpmlint warnings -* Fri May 04 2018 Red Hat PKI Team - 10.6.1-2 +* Fri May 04 2018 Red Hat PKI Team 10.6.1-2 - Bug #1574711 - pki-tools cannot be installed on current Rawhide - Fixed rpmlint warnings -* Thu May 03 2018 Red Hat PKI Team - 10.6.1-1 +* Thu May 03 2018 Red Hat PKI Team 10.6.1-1 - Rebased to PKI 10.6.1 - Bug #1559047 - pki-core misses a dependency to pki-symkey - Bug #1573094 - FreeIPA external CA installation fails -* Wed Apr 11 2018 Red Hat PKI Team - 10.6.0-1 +* Wed Apr 11 2018 Red Hat PKI Team 10.6.0-1 - Updated project URL and package descriptions - Cleaned up spec file - Rebased to PKI 10.6.0 final -* Thu Mar 29 2018 Red Hat PKI Team - 10.6.0-0.3 +* Thu Mar 29 2018 Red Hat PKI Team 10.6.0-0.3 - Iryna Shcherbina : Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) - Rebased to PKI 10.6.0 beta2 -* Thu Mar 15 2018 Red Hat PKI Team - 10.6.0-0.2 +* Thu Mar 15 2018 Red Hat PKI Team 10.6.0-0.2 - Rebased to PKI 10.6.0 beta