rpms/certmonger
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to upstream 0.79.8

Browse Source
This commit is contained in:
Rob Crittenden 2019-07-17 13:57:55 -04:00
parent 6f1c170b8b
commit 21430b4d60
5 changed files with 7 additions and 333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -124,3 +124,4 @@ certmonger-0.28.tar.gz
/certmonger-0.79.5.tar.gz /certmonger-0.79.5.tar.gz
/certmonger-0.79.6.tar.gz /certmonger-0.79.6.tar.gz
/certmonger-0.79.7.tar.gz /certmonger-0.79.7.tar.gz
/certmonger-0.79.8.tar.gz

293
0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
View File

@ -1,293 +0,0 @@
From fd17f002b2f4150a1fddc2582a21c6c03933a28a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 23 Feb 2018 10:43:44 -0500
Subject: [PATCH] NSS crypto policy sets minimum RSA and DSA key size to 2048
Remove keys < 2048 for the NSS tests. This affects some of the
OpenSSL tests as well where they run in a combined loop.
Where it was not invasive to do I left the 1024/1536 for OpenSSL.
---
tests/001-keyiread-dsa/expected.out | 6 +++---
tests/001-keyiread-dsa/run.sh | 2 +-
tests/001-keyiread-rsa/expected.out | 2 --
tests/001-keyiread-rsa/run.sh | 2 +-
tests/001-keyiread/expected.out | 2 --
tests/001-keyiread/run.sh | 2 +-
tests/002-keygen-rsa/expected.out | 6 ------
tests/002-keygen-rsa/run.sh | 2 +-
tests/002-keygen/expected.out | 18 ------------------
tests/002-keygen/run.sh | 2 +-
tests/003-csrgen-rsa/expected.out | 6 ------
tests/003-csrgen-rsa/run.sh | 4 ++--
tests/003-csrgen/expected.out | 8 --------
tests/003-csrgen/run.sh | 4 ++--
tests/004-selfsign-rsa/expected.out | 2 --
tests/004-selfsign-rsa/run.sh | 2 +-
tests/004-selfsign/expected.out | 2 --
tests/004-selfsign/run.sh | 2 +-
18 files changed, 14 insertions(+), 60 deletions(-)
diff --git a/tests/001-keyiread-dsa/expected.out b/tests/001-keyiread-dsa/expected.out
index b09db0ae..50643176 100644
--- a/tests/001-keyiread-dsa/expected.out
+++ b/tests/001-keyiread-dsa/expected.out
@@ -1,4 +1,4 @@
-OK (DSA:1024).
-OK (DSA:1024).
-OK (DSA:1024).
+OK (DSA:2048).
+OK (DSA:2048).
+OK (DSA:2048).
Test complete.
diff --git a/tests/001-keyiread-dsa/run.sh b/tests/001-keyiread-dsa/run.sh
index 9f96b3bc..68f6d1c3 100755
--- a/tests/001-keyiread-dsa/run.sh
+++ b/tests/001-keyiread-dsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 ; do
+for size in 2048 ; do
# Generate a self-signed cert.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
diff --git a/tests/001-keyiread-rsa/expected.out b/tests/001-keyiread-rsa/expected.out
index 727897d1..3daa51f2 100644
--- a/tests/001-keyiread-rsa/expected.out
+++ b/tests/001-keyiread-rsa/expected.out
@@ -1,5 +1,3 @@
-OK (RSA:1024).
-OK (RSA:1536).
OK (RSA:2048).
OK (RSA:3072).
OK (RSA:4096).
diff --git a/tests/001-keyiread-rsa/run.sh b/tests/001-keyiread-rsa/run.sh
index c7b77686..ec31c7c7 100755
--- a/tests/001-keyiread-rsa/run.sh
+++ b/tests/001-keyiread-rsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Generate a self-signed cert.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
diff --git a/tests/001-keyiread/expected.out b/tests/001-keyiread/expected.out
index 727897d1..3daa51f2 100644
--- a/tests/001-keyiread/expected.out
+++ b/tests/001-keyiread/expected.out
@@ -1,5 +1,3 @@
-OK (RSA:1024).
-OK (RSA:1536).
OK (RSA:2048).
OK (RSA:3072).
OK (RSA:4096).
diff --git a/tests/001-keyiread/run.sh b/tests/001-keyiread/run.sh
index ce1428ed..0b31df95 100755
--- a/tests/001-keyiread/run.sh
+++ b/tests/001-keyiread/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Generate a self-signed cert.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
diff --git a/tests/002-keygen-rsa/expected.out b/tests/002-keygen-rsa/expected.out
index 3e6e9f3c..f7c146d0 100644
--- a/tests/002-keygen-rsa/expected.out
+++ b/tests/002-keygen-rsa/expected.out
@@ -1,9 +1,3 @@
-[nss:1024]
-OK.
-OK (RSA:1024).
-[nss:1536]
-OK.
-OK (RSA:1536).
[nss:2048]
OK.
OK (RSA:2048).
diff --git a/tests/002-keygen-rsa/run.sh b/tests/002-keygen-rsa/run.sh
index 476f4127..c0c59249 100755
--- a/tests/002-keygen-rsa/run.sh
+++ b/tests/002-keygen-rsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
echo "[nss:$size]"
# Generate a key.
cat > entry.$size <<- EOF
diff --git a/tests/002-keygen/expected.out b/tests/002-keygen/expected.out
index dcd1af06..b8fbea56 100644
--- a/tests/002-keygen/expected.out
+++ b/tests/002-keygen/expected.out
@@ -1,21 +1,3 @@
-[nss:1024]
-OK.
-OK (RSA:1024).
-OK.
-OK (RSA:1024 after RSA:1024).
-OK.
-OK (RSA:1024 after RSA:1024).
-keyi1024
-keyi1024 (candidate (next))
-[nss:1536]
-OK.
-OK (RSA:1536).
-OK.
-OK (RSA:1536 after RSA:1536).
-OK.
-OK (RSA:1536 after RSA:1536).
-keyi1536
-keyi1536 (candidate (next))
[nss:2048]
OK.
OK (RSA:2048).
diff --git a/tests/002-keygen/run.sh b/tests/002-keygen/run.sh
index 08af1523..94230e6f 100755
--- a/tests/002-keygen/run.sh
+++ b/tests/002-keygen/run.sh
@@ -7,7 +7,7 @@ scheme="${scheme:-dbm:}"
source "$srcdir"/functions
initnssdb "$scheme$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
echo "[nss:$size]"
# Generate a key.
cat > entry.$size <<- EOF
diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out
index c9dec729..def53fe4 100644
--- a/tests/003-csrgen-rsa/expected.out
+++ b/tests/003-csrgen-rsa/expected.out
@@ -1,10 +1,4 @@
pk12util: PKCS12 EXPORT SUCCESSFUL
-1024 OK.
-Signature OK
-pk12util: PKCS12 EXPORT SUCCESSFUL
-1536 OK.
-Signature OK
-pk12util: PKCS12 EXPORT SUCCESSFUL
2048 OK.
Signature OK
pk12util: PKCS12 EXPORT SUCCESSFUL
diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh
index 4cd84084..bb8ebecb 100755
--- a/tests/003-csrgen-rsa/run.sh
+++ b/tests/003-csrgen-rsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
@@ -147,7 +147,7 @@ iterate() {
iteration=1
-for size in 1024 ; do
+for size in 2048 ; do
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out
index 8e6cac6e..04342c0f 100644
--- a/tests/003-csrgen/expected.out
+++ b/tests/003-csrgen/expected.out
@@ -1,13 +1,5 @@
pk12util: PKCS12 EXPORT SUCCESSFUL
Signature OK
-minicert.openssl.1024.pem: OK
-1024 OK.
-pk12util: PKCS12 EXPORT SUCCESSFUL
-Signature OK
-minicert.openssl.1536.pem: OK
-1536 OK.
-pk12util: PKCS12 EXPORT SUCCESSFUL
-Signature OK
minicert.openssl.2048.pem: OK
2048 OK.
pk12util: PKCS12 EXPORT SUCCESSFUL
diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh
index 7c169ed9..31466b5c 100755
--- a/tests/003-csrgen/run.sh
+++ b/tests/003-csrgen/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
@@ -199,7 +199,7 @@ iterate() {
iteration=1
-for size in 1024 ; do
+for size in 2048 ; do
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
diff --git a/tests/004-selfsign-rsa/expected.out b/tests/004-selfsign-rsa/expected.out
index dd5029ec..0eb84ef1 100644
--- a/tests/004-selfsign-rsa/expected.out
+++ b/tests/004-selfsign-rsa/expected.out
@@ -1,5 +1,3 @@
-1024 OK.
-1536 OK.
2048 OK.
3072 OK.
4096 OK.
diff --git a/tests/004-selfsign-rsa/run.sh b/tests/004-selfsign-rsa/run.sh
index 6f9285b6..c1dd4c80 100755
--- a/tests/004-selfsign-rsa/run.sh
+++ b/tests/004-selfsign-rsa/run.sh
@@ -33,7 +33,7 @@ function setupca() {
EOF
}
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
diff --git a/tests/004-selfsign/expected.out b/tests/004-selfsign/expected.out
index dd5029ec..0eb84ef1 100644
--- a/tests/004-selfsign/expected.out
+++ b/tests/004-selfsign/expected.out
@@ -1,5 +1,3 @@
-1024 OK.
-1536 OK.
2048 OK.
3072 OK.
4096 OK.
diff --git a/tests/004-selfsign/run.sh b/tests/004-selfsign/run.sh
index 7bb368ec..eb1df4ee 100755
--- a/tests/004-selfsign/run.sh
+++ b/tests/004-selfsign/run.sh
@@ -43,7 +43,7 @@ function setupca() {
EOF
}
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
--
2.16.2

32
0002-Change-var-run-run-in-systemd-service-file.patch
View File

@ -1,32 +0,0 @@
From c2687bdf550f65756aef2cada53e18530ad402c9 Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@nwra.com>
Date: Wed, 8 May 2019 08:23:23 -0600
Subject: [PATCH] Change /var/run -> /run in systemd service file
systemd 239 complains about the legacy of certmonger's PID file which is
located in /var/run.
Signed-off-by: Orion Poplawski <orion@nwra.com>
---
systemd/certmonger.service.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/systemd/certmonger.service.in b/systemd/certmonger.service.in
index 7bdbb464..6381d845 100644
--- a/systemd/certmonger.service.in
+++ b/systemd/certmonger.service.in
@@ -4,9 +4,9 @@ After=syslog.target network.target dbus.service
[Service]
Type=dbus
-PIDFile=/var/run/certmonger.pid
+PIDFile=/run/certmonger.pid
EnvironmentFile=-/etc/sysconfig/certmonger
-ExecStart=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS
+ExecStart=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS
BusName=@CM_DBUS_NAME@
[Install]
--
2.17.2

12
certmonger.spec
View File

@ -25,8 +25,8 @@
%endif %endif
Name: certmonger Name: certmonger
Version: 0.79.7 Version: 0.79.8
Release: 3%{?dist} Release: 1%{?dist}
Summary: Certificate status monitor and PKI enrollment client Summary: Certificate status monitor and PKI enrollment client
License: GPLv3+ License: GPLv3+
@ -111,17 +111,12 @@ Requires(preun): /sbin/chkconfig, /sbin/service, dbus, sed
Conflicts: libtevent < 0.9.13 Conflicts: libtevent < 0.9.13
%endif %endif
Patch1: 0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
Patch2: 0002-Change-var-run-run-in-systemd-service-file.patch
%description %description
Certmonger is a service which is primarily concerned with getting your Certmonger is a service which is primarily concerned with getting your
system enrolled with a certificate authority (CA) and keeping it enrolled. system enrolled with a certificate authority (CA) and keeping it enrolled.
%prep %prep
%setup -q %setup -q
%patch1 -p1
%patch2 -p1
%if 0%{?rhel} > 0 %if 0%{?rhel} > 0
# Enabled by default for RHEL for bug #765600, still disabled by default for # Enabled by default for RHEL for bug #765600, still disabled by default for
@ -249,6 +244,9 @@ exit 0
%endif %endif
%changelog %changelog
* Wed Jul 17 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.8-1
- Update to upstream 0.79.8
* Wed May 22 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-3 * Wed May 22 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-3
- Add BuildRequires for krb5-devel, the buildroot changed. - Add BuildRequires for krb5-devel, the buildroot changed.

2
sources
View File

@ -1 +1 @@
SHA512 (certmonger-0.79.7.tar.gz) = eca748cc28a3d9e3a1d5871848e1c22a6025b86a07ffc166bbca59f0945e2d461d6fc8201bd0e6b94d13680e86bbd29a501c5c38763484640b5b8f70ca470980 SHA512 (certmonger-0.79.8.tar.gz) = 5e6f9c6a0b9c4a7c68a5f894b9ff3ba20fa42aa4d490c7e5e57c97dab2e152ca6ef7aee64f17a92fce7ca971077011f8f391218098612011be2b4961203db6bc