diff --git a/.gitignore b/.gitignore index 033ceb6..a4e55d1 100644 --- a/.gitignore +++ b/.gitignore @@ -56,3 +56,5 @@ certmonger-0.28.tar.gz /certmonger-0.68.tar.gz.sig /certmonger-0.69.tar.gz /certmonger-0.69.tar.gz.sig +/certmonger-0.70.tar.gz +/certmonger-0.70.tar.gz.sig diff --git a/certmonger.spec b/certmonger.spec index cb2dacb..f962576 100644 --- a/certmonger.spec +++ b/certmonger.spec @@ -19,7 +19,7 @@ %endif Name: certmonger -Version: 0.69 +Version: 0.70 Release: 1%{?dist} Summary: Certificate status monitor and PKI enrollment client @@ -104,6 +104,7 @@ sed -i 's,^# chkconfig: - ,# chkconfig: 345 ,g' sysvinit/certmonger.in %if %{tmpfiles} --enable-tmpfiles \ %endif + --with-homedir=/var/run/certmonger \ --with-tmpdir=/var/run/certmonger --enable-pie --enable-now # For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just # tell us about libxmlrpc_client, but we need more. Work around. @@ -201,6 +202,15 @@ exit 0 %endif %changelog +* Thu Jan 2 2014 Nalin Dahyabhai 0.70-1 +- add a --with-homedir option to configure, and use it, since subprocesses + which we run and which use NSS may attempt to write to $HOME/.pki, and + 0.69's strategy of setting that to "/" was rightly hitting SELinux policy + denials (#1047798) + +* Fri Dec 27 2013 Daniel Mach - 0.69-2 +- Mass rebuild 2013-12-27 + * Mon Dec 9 2013 Nalin Dahyabhai 0.69-1 - tweak how we decide whether we're on the master or a minion when we're told to use certmaster as a CA diff --git a/sources b/sources index aac4411..4738c95 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -6aea5924b43f45fee29e3c2fd7844536 certmonger-0.69.tar.gz -85b7fbee28594deab000574ce887e050 certmonger-0.69.tar.gz.sig +396fbf14bc9e29937518af6991323ba9 certmonger-0.70.tar.gz +91aa1fa974b2942a24c35c9b0b571819 certmonger-0.70.tar.gz.sig