Update to upstream 0.79.8
This commit is contained in:
parent
6f1c170b8b
commit
21430b4d60
1
.gitignore
vendored
1
.gitignore
vendored
@ -124,3 +124,4 @@ certmonger-0.28.tar.gz
|
|||||||
/certmonger-0.79.5.tar.gz
|
/certmonger-0.79.5.tar.gz
|
||||||
/certmonger-0.79.6.tar.gz
|
/certmonger-0.79.6.tar.gz
|
||||||
/certmonger-0.79.7.tar.gz
|
/certmonger-0.79.7.tar.gz
|
||||||
|
/certmonger-0.79.8.tar.gz
|
||||||
|
@ -1,293 +0,0 @@
|
|||||||
From fd17f002b2f4150a1fddc2582a21c6c03933a28a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 23 Feb 2018 10:43:44 -0500
|
|
||||||
Subject: [PATCH] NSS crypto policy sets minimum RSA and DSA key size to 2048
|
|
||||||
|
|
||||||
Remove keys < 2048 for the NSS tests. This affects some of the
|
|
||||||
OpenSSL tests as well where they run in a combined loop.
|
|
||||||
|
|
||||||
Where it was not invasive to do I left the 1024/1536 for OpenSSL.
|
|
||||||
---
|
|
||||||
tests/001-keyiread-dsa/expected.out | 6 +++---
|
|
||||||
tests/001-keyiread-dsa/run.sh | 2 +-
|
|
||||||
tests/001-keyiread-rsa/expected.out | 2 --
|
|
||||||
tests/001-keyiread-rsa/run.sh | 2 +-
|
|
||||||
tests/001-keyiread/expected.out | 2 --
|
|
||||||
tests/001-keyiread/run.sh | 2 +-
|
|
||||||
tests/002-keygen-rsa/expected.out | 6 ------
|
|
||||||
tests/002-keygen-rsa/run.sh | 2 +-
|
|
||||||
tests/002-keygen/expected.out | 18 ------------------
|
|
||||||
tests/002-keygen/run.sh | 2 +-
|
|
||||||
tests/003-csrgen-rsa/expected.out | 6 ------
|
|
||||||
tests/003-csrgen-rsa/run.sh | 4 ++--
|
|
||||||
tests/003-csrgen/expected.out | 8 --------
|
|
||||||
tests/003-csrgen/run.sh | 4 ++--
|
|
||||||
tests/004-selfsign-rsa/expected.out | 2 --
|
|
||||||
tests/004-selfsign-rsa/run.sh | 2 +-
|
|
||||||
tests/004-selfsign/expected.out | 2 --
|
|
||||||
tests/004-selfsign/run.sh | 2 +-
|
|
||||||
18 files changed, 14 insertions(+), 60 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/001-keyiread-dsa/expected.out b/tests/001-keyiread-dsa/expected.out
|
|
||||||
index b09db0ae..50643176 100644
|
|
||||||
--- a/tests/001-keyiread-dsa/expected.out
|
|
||||||
+++ b/tests/001-keyiread-dsa/expected.out
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-OK (DSA:1024).
|
|
||||||
-OK (DSA:1024).
|
|
||||||
-OK (DSA:1024).
|
|
||||||
+OK (DSA:2048).
|
|
||||||
+OK (DSA:2048).
|
|
||||||
+OK (DSA:2048).
|
|
||||||
Test complete.
|
|
||||||
diff --git a/tests/001-keyiread-dsa/run.sh b/tests/001-keyiread-dsa/run.sh
|
|
||||||
index 9f96b3bc..68f6d1c3 100755
|
|
||||||
--- a/tests/001-keyiread-dsa/run.sh
|
|
||||||
+++ b/tests/001-keyiread-dsa/run.sh
|
|
||||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
|
||||||
source "$srcdir"/functions
|
|
||||||
initnssdb "$tmpdir"
|
|
||||||
|
|
||||||
-for size in 1024 ; do
|
|
||||||
+for size in 2048 ; do
|
|
||||||
# Generate a self-signed cert.
|
|
||||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
|
||||||
-s "cn=T$size" -c "cn=T$size" \
|
|
||||||
diff --git a/tests/001-keyiread-rsa/expected.out b/tests/001-keyiread-rsa/expected.out
|
|
||||||
index 727897d1..3daa51f2 100644
|
|
||||||
--- a/tests/001-keyiread-rsa/expected.out
|
|
||||||
+++ b/tests/001-keyiread-rsa/expected.out
|
|
||||||
@@ -1,5 +1,3 @@
|
|
||||||
-OK (RSA:1024).
|
|
||||||
-OK (RSA:1536).
|
|
||||||
OK (RSA:2048).
|
|
||||||
OK (RSA:3072).
|
|
||||||
OK (RSA:4096).
|
|
||||||
diff --git a/tests/001-keyiread-rsa/run.sh b/tests/001-keyiread-rsa/run.sh
|
|
||||||
index c7b77686..ec31c7c7 100755
|
|
||||||
--- a/tests/001-keyiread-rsa/run.sh
|
|
||||||
+++ b/tests/001-keyiread-rsa/run.sh
|
|
||||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
|
||||||
source "$srcdir"/functions
|
|
||||||
initnssdb "$tmpdir"
|
|
||||||
|
|
||||||
-for size in 1024 1536 2048 3072 4096 ; do
|
|
||||||
+for size in 2048 3072 4096 ; do
|
|
||||||
# Generate a self-signed cert.
|
|
||||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
|
||||||
-s "cn=T$size" -c "cn=T$size" \
|
|
||||||
diff --git a/tests/001-keyiread/expected.out b/tests/001-keyiread/expected.out
|
|
||||||
index 727897d1..3daa51f2 100644
|
|
||||||
--- a/tests/001-keyiread/expected.out
|
|
||||||
+++ b/tests/001-keyiread/expected.out
|
|
||||||
@@ -1,5 +1,3 @@
|
|
||||||
-OK (RSA:1024).
|
|
||||||
-OK (RSA:1536).
|
|
||||||
OK (RSA:2048).
|
|
||||||
OK (RSA:3072).
|
|
||||||
OK (RSA:4096).
|
|
||||||
diff --git a/tests/001-keyiread/run.sh b/tests/001-keyiread/run.sh
|
|
||||||
index ce1428ed..0b31df95 100755
|
|
||||||
--- a/tests/001-keyiread/run.sh
|
|
||||||
+++ b/tests/001-keyiread/run.sh
|
|
||||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
|
||||||
source "$srcdir"/functions
|
|
||||||
initnssdb "$tmpdir"
|
|
||||||
|
|
||||||
-for size in 1024 1536 2048 3072 4096 ; do
|
|
||||||
+for size in 2048 3072 4096 ; do
|
|
||||||
# Generate a self-signed cert.
|
|
||||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
|
||||||
-s "cn=T$size" -c "cn=T$size" \
|
|
||||||
diff --git a/tests/002-keygen-rsa/expected.out b/tests/002-keygen-rsa/expected.out
|
|
||||||
index 3e6e9f3c..f7c146d0 100644
|
|
||||||
--- a/tests/002-keygen-rsa/expected.out
|
|
||||||
+++ b/tests/002-keygen-rsa/expected.out
|
|
||||||
@@ -1,9 +1,3 @@
|
|
||||||
-[nss:1024]
|
|
||||||
-OK.
|
|
||||||
-OK (RSA:1024).
|
|
||||||
-[nss:1536]
|
|
||||||
-OK.
|
|
||||||
-OK (RSA:1536).
|
|
||||||
[nss:2048]
|
|
||||||
OK.
|
|
||||||
OK (RSA:2048).
|
|
||||||
diff --git a/tests/002-keygen-rsa/run.sh b/tests/002-keygen-rsa/run.sh
|
|
||||||
index 476f4127..c0c59249 100755
|
|
||||||
--- a/tests/002-keygen-rsa/run.sh
|
|
||||||
+++ b/tests/002-keygen-rsa/run.sh
|
|
||||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
|
||||||
source "$srcdir"/functions
|
|
||||||
initnssdb "$tmpdir"
|
|
||||||
|
|
||||||
-for size in 1024 1536 2048 3072 4096 ; do
|
|
||||||
+for size in 2048 3072 4096 ; do
|
|
||||||
echo "[nss:$size]"
|
|
||||||
# Generate a key.
|
|
||||||
cat > entry.$size <<- EOF
|
|
||||||
diff --git a/tests/002-keygen/expected.out b/tests/002-keygen/expected.out
|
|
||||||
index dcd1af06..b8fbea56 100644
|
|
||||||
--- a/tests/002-keygen/expected.out
|
|
||||||
+++ b/tests/002-keygen/expected.out
|
|
||||||
@@ -1,21 +1,3 @@
|
|
||||||
-[nss:1024]
|
|
||||||
-OK.
|
|
||||||
-OK (RSA:1024).
|
|
||||||
-OK.
|
|
||||||
-OK (RSA:1024 after RSA:1024).
|
|
||||||
-OK.
|
|
||||||
-OK (RSA:1024 after RSA:1024).
|
|
||||||
-keyi1024
|
|
||||||
-keyi1024 (candidate (next))
|
|
||||||
-[nss:1536]
|
|
||||||
-OK.
|
|
||||||
-OK (RSA:1536).
|
|
||||||
-OK.
|
|
||||||
-OK (RSA:1536 after RSA:1536).
|
|
||||||
-OK.
|
|
||||||
-OK (RSA:1536 after RSA:1536).
|
|
||||||
-keyi1536
|
|
||||||
-keyi1536 (candidate (next))
|
|
||||||
[nss:2048]
|
|
||||||
OK.
|
|
||||||
OK (RSA:2048).
|
|
||||||
diff --git a/tests/002-keygen/run.sh b/tests/002-keygen/run.sh
|
|
||||||
index 08af1523..94230e6f 100755
|
|
||||||
--- a/tests/002-keygen/run.sh
|
|
||||||
+++ b/tests/002-keygen/run.sh
|
|
||||||
@@ -7,7 +7,7 @@ scheme="${scheme:-dbm:}"
|
|
||||||
source "$srcdir"/functions
|
|
||||||
initnssdb "$scheme$tmpdir"
|
|
||||||
|
|
||||||
-for size in 1024 1536 2048 3072 4096 ; do
|
|
||||||
+for size in 2048 3072 4096 ; do
|
|
||||||
echo "[nss:$size]"
|
|
||||||
# Generate a key.
|
|
||||||
cat > entry.$size <<- EOF
|
|
||||||
diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out
|
|
||||||
index c9dec729..def53fe4 100644
|
|
||||||
--- a/tests/003-csrgen-rsa/expected.out
|
|
||||||
+++ b/tests/003-csrgen-rsa/expected.out
|
|
||||||
@@ -1,10 +1,4 @@
|
|
||||||
pk12util: PKCS12 EXPORT SUCCESSFUL
|
|
||||||
-1024 OK.
|
|
||||||
-Signature OK
|
|
||||||
-pk12util: PKCS12 EXPORT SUCCESSFUL
|
|
||||||
-1536 OK.
|
|
||||||
-Signature OK
|
|
||||||
-pk12util: PKCS12 EXPORT SUCCESSFUL
|
|
||||||
2048 OK.
|
|
||||||
Signature OK
|
|
||||||
pk12util: PKCS12 EXPORT SUCCESSFUL
|
|
||||||
diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh
|
|
||||||
index 4cd84084..bb8ebecb 100755
|
|
||||||
--- a/tests/003-csrgen-rsa/run.sh
|
|
||||||
+++ b/tests/003-csrgen-rsa/run.sh
|
|
||||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
|
||||||
source "$srcdir"/functions
|
|
||||||
initnssdb "$tmpdir"
|
|
||||||
|
|
||||||
-for size in 1024 1536 2048 3072 4096 ; do
|
|
||||||
+for size in 2048 3072 4096 ; do
|
|
||||||
# Build a self-signed certificate.
|
|
||||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
|
||||||
-s "cn=T$size" -c "cn=T$size" \
|
|
||||||
@@ -147,7 +147,7 @@ iterate() {
|
|
||||||
|
|
||||||
iteration=1
|
|
||||||
|
|
||||||
-for size in 1024 ; do
|
|
||||||
+for size in 2048 ; do
|
|
||||||
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
|
|
||||||
done
|
|
||||||
|
|
||||||
diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out
|
|
||||||
index 8e6cac6e..04342c0f 100644
|
|
||||||
--- a/tests/003-csrgen/expected.out
|
|
||||||
+++ b/tests/003-csrgen/expected.out
|
|
||||||
@@ -1,13 +1,5 @@
|
|
||||||
pk12util: PKCS12 EXPORT SUCCESSFUL
|
|
||||||
Signature OK
|
|
||||||
-minicert.openssl.1024.pem: OK
|
|
||||||
-1024 OK.
|
|
||||||
-pk12util: PKCS12 EXPORT SUCCESSFUL
|
|
||||||
-Signature OK
|
|
||||||
-minicert.openssl.1536.pem: OK
|
|
||||||
-1536 OK.
|
|
||||||
-pk12util: PKCS12 EXPORT SUCCESSFUL
|
|
||||||
-Signature OK
|
|
||||||
minicert.openssl.2048.pem: OK
|
|
||||||
2048 OK.
|
|
||||||
pk12util: PKCS12 EXPORT SUCCESSFUL
|
|
||||||
diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh
|
|
||||||
index 7c169ed9..31466b5c 100755
|
|
||||||
--- a/tests/003-csrgen/run.sh
|
|
||||||
+++ b/tests/003-csrgen/run.sh
|
|
||||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
|
||||||
source "$srcdir"/functions
|
|
||||||
initnssdb "$tmpdir"
|
|
||||||
|
|
||||||
-for size in 1024 1536 2048 3072 4096 ; do
|
|
||||||
+for size in 2048 3072 4096 ; do
|
|
||||||
# Build a self-signed certificate.
|
|
||||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
|
||||||
-s "cn=T$size" -c "cn=T$size" \
|
|
||||||
@@ -199,7 +199,7 @@ iterate() {
|
|
||||||
|
|
||||||
iteration=1
|
|
||||||
|
|
||||||
-for size in 1024 ; do
|
|
||||||
+for size in 2048 ; do
|
|
||||||
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
|
|
||||||
done
|
|
||||||
|
|
||||||
diff --git a/tests/004-selfsign-rsa/expected.out b/tests/004-selfsign-rsa/expected.out
|
|
||||||
index dd5029ec..0eb84ef1 100644
|
|
||||||
--- a/tests/004-selfsign-rsa/expected.out
|
|
||||||
+++ b/tests/004-selfsign-rsa/expected.out
|
|
||||||
@@ -1,5 +1,3 @@
|
|
||||||
-1024 OK.
|
|
||||||
-1536 OK.
|
|
||||||
2048 OK.
|
|
||||||
3072 OK.
|
|
||||||
4096 OK.
|
|
||||||
diff --git a/tests/004-selfsign-rsa/run.sh b/tests/004-selfsign-rsa/run.sh
|
|
||||||
index 6f9285b6..c1dd4c80 100755
|
|
||||||
--- a/tests/004-selfsign-rsa/run.sh
|
|
||||||
+++ b/tests/004-selfsign-rsa/run.sh
|
|
||||||
@@ -33,7 +33,7 @@ function setupca() {
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
-for size in 1024 1536 2048 3072 4096 ; do
|
|
||||||
+for size in 2048 3072 4096 ; do
|
|
||||||
# Build a self-signed certificate.
|
|
||||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
|
||||||
-s "cn=T$size" -c "cn=T$size" \
|
|
||||||
diff --git a/tests/004-selfsign/expected.out b/tests/004-selfsign/expected.out
|
|
||||||
index dd5029ec..0eb84ef1 100644
|
|
||||||
--- a/tests/004-selfsign/expected.out
|
|
||||||
+++ b/tests/004-selfsign/expected.out
|
|
||||||
@@ -1,5 +1,3 @@
|
|
||||||
-1024 OK.
|
|
||||||
-1536 OK.
|
|
||||||
2048 OK.
|
|
||||||
3072 OK.
|
|
||||||
4096 OK.
|
|
||||||
diff --git a/tests/004-selfsign/run.sh b/tests/004-selfsign/run.sh
|
|
||||||
index 7bb368ec..eb1df4ee 100755
|
|
||||||
--- a/tests/004-selfsign/run.sh
|
|
||||||
+++ b/tests/004-selfsign/run.sh
|
|
||||||
@@ -43,7 +43,7 @@ function setupca() {
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
-for size in 1024 1536 2048 3072 4096 ; do
|
|
||||||
+for size in 2048 3072 4096 ; do
|
|
||||||
# Build a self-signed certificate.
|
|
||||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
|
||||||
-s "cn=T$size" -c "cn=T$size" \
|
|
||||||
--
|
|
||||||
2.16.2
|
|
||||||
|
|
@ -1,32 +0,0 @@
|
|||||||
From c2687bdf550f65756aef2cada53e18530ad402c9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Orion Poplawski <orion@nwra.com>
|
|
||||||
Date: Wed, 8 May 2019 08:23:23 -0600
|
|
||||||
Subject: [PATCH] Change /var/run -> /run in systemd service file
|
|
||||||
|
|
||||||
systemd 239 complains about the legacy of certmonger's PID file which is
|
|
||||||
located in /var/run.
|
|
||||||
|
|
||||||
Signed-off-by: Orion Poplawski <orion@nwra.com>
|
|
||||||
---
|
|
||||||
systemd/certmonger.service.in | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/systemd/certmonger.service.in b/systemd/certmonger.service.in
|
|
||||||
index 7bdbb464..6381d845 100644
|
|
||||||
--- a/systemd/certmonger.service.in
|
|
||||||
+++ b/systemd/certmonger.service.in
|
|
||||||
@@ -4,9 +4,9 @@ After=syslog.target network.target dbus.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=dbus
|
|
||||||
-PIDFile=/var/run/certmonger.pid
|
|
||||||
+PIDFile=/run/certmonger.pid
|
|
||||||
EnvironmentFile=-/etc/sysconfig/certmonger
|
|
||||||
-ExecStart=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS
|
|
||||||
+ExecStart=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS
|
|
||||||
BusName=@CM_DBUS_NAME@
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
@ -25,8 +25,8 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: certmonger
|
Name: certmonger
|
||||||
Version: 0.79.7
|
Version: 0.79.8
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Certificate status monitor and PKI enrollment client
|
Summary: Certificate status monitor and PKI enrollment client
|
||||||
|
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -111,17 +111,12 @@ Requires(preun): /sbin/chkconfig, /sbin/service, dbus, sed
|
|||||||
Conflicts: libtevent < 0.9.13
|
Conflicts: libtevent < 0.9.13
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Patch1: 0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
|
|
||||||
Patch2: 0002-Change-var-run-run-in-systemd-service-file.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Certmonger is a service which is primarily concerned with getting your
|
Certmonger is a service which is primarily concerned with getting your
|
||||||
system enrolled with a certificate authority (CA) and keeping it enrolled.
|
system enrolled with a certificate authority (CA) and keeping it enrolled.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
|
|
||||||
%if 0%{?rhel} > 0
|
%if 0%{?rhel} > 0
|
||||||
# Enabled by default for RHEL for bug #765600, still disabled by default for
|
# Enabled by default for RHEL for bug #765600, still disabled by default for
|
||||||
@ -249,6 +244,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 17 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.8-1
|
||||||
|
- Update to upstream 0.79.8
|
||||||
|
|
||||||
* Wed May 22 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-3
|
* Wed May 22 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-3
|
||||||
- Add BuildRequires for krb5-devel, the buildroot changed.
|
- Add BuildRequires for krb5-devel, the buildroot changed.
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (certmonger-0.79.7.tar.gz) = eca748cc28a3d9e3a1d5871848e1c22a6025b86a07ffc166bbca59f0945e2d461d6fc8201bd0e6b94d13680e86bbd29a501c5c38763484640b5b8f70ca470980
|
SHA512 (certmonger-0.79.8.tar.gz) = 5e6f9c6a0b9c4a7c68a5f894b9ff3ba20fa42aa4d490c7e5e57c97dab2e152ca6ef7aee64f17a92fce7ca971077011f8f391218098612011be2b4961203db6bc
|
||||||
|
Loading…
Reference in New Issue
Block a user