Commit Graph

139 Commits

Author SHA1 Message Date
Rob Crittenden
a61f98095b Don't encode critical=FALSE in X509v3 extensions
Upstream issue https://pagure.io/certmonger/issue/223
2021-10-05 12:26:51 -04:00
Rob Crittenden
d48f9ad6fb Fix FTBFS due to OpenSSL 3.0.0 API change between beta1 and 2. 2021-09-29 07:46:52 -04:00
Rob Crittenden
11000d1148 Port to OpenSSL 3.0.0
This port was done downstream in during the OpenSSL beta in another
distribution but hasn't been merged upstream yet (because of said
beta).

Add port to Fedora. It will be merged upstream soon as well though
when it will land in a full release is TBD.
2021-09-15 16:50:18 -04:00
Sahana Prasad
889b545c21 Rebuilt with OpenSSL 3.0.0 2021-09-14 18:59:27 +02:00
Fedora Release Engineering
b996b8a98c - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 19:19:55 +00:00
Rob Crittenden
7fa119ea0d Update to upstream 0.79.14 2021-06-15 15:39:18 -04:00
Fedora Release Engineering
b1946ba88a - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 01:50:21 +00:00
Tom Stellard
9537c23e82 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2020-12-17 03:26:28 +00:00
Rob Crittenden
45a9828da0 Update to upstream 0.79.13 2020-10-20 16:30:14 -04:00
Rob Crittenden
efe9c7e6bb Update to upstream 0.79.12 2020-10-05 11:52:14 -04:00
Rob Crittenden
a89084be73 Sync with upstream: don't SIGKILL children, IPA JSON
- Don't send SIGKILL to child processes to terminate them
- Switch to JSON for communication with IPA
- Drop empty translation files in prep for dropping Zanata service
2020-09-18 14:27:14 -04:00
Fedora Release Engineering
cb253d4d52 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 13:50:28 +00:00
Rob Crittenden
772d7bd87c Fix for an unnecessary free() which can cause core dump.
https://pagure.io/certmonger/issue/163
2020-07-01 13:23:18 -04:00
Rob Crittenden
9e169141d1 Update to upstream 0.79.11 2020-06-30 13:35:48 -04:00
Rob Crittenden
d8aa717596 Update to upstream 0.79.10 2020-06-26 17:12:50 -04:00
Rob Crittenden
a170c390c3 Update to upstream 0.79.9 2020-01-31 14:27:20 -05:00
Fedora Release Engineering
64447f1ec7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 13:52:45 +00:00
Rob Crittenden
0d5116507b Use python 3 in tests, drop DSA tests disabled by policy
- Change python2-dbus build dependency to python3
- Convert tests to pass under python 3
- Skip DSA tests because it is disabled by default crypto policy
2019-10-30 13:27:58 -04:00
Fedora Release Engineering
fd501fe0b9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 20:07:08 +00:00
Rob Crittenden
21430b4d60 Update to upstream 0.79.8 2019-07-17 13:57:55 -04:00
Rob Crittenden
6f1c170b8b Add BuildRequires for krb5-devel, the buildroot changed 2019-05-22 15:23:43 -04:00
Rob Crittenden
2b5894b598 Move systemd tmpfiles from /var/run to /run
systemd 239 complains about the legacy of certmonger's tmpfiles
which are located in /var/run.

Change /var/run -> /run in systemd service file
2019-05-22 15:00:12 -04:00
Rob Crittenden
7eca3b6000 Update to upstream 0.79.7
Also fix rpm warning about embedded % in a comment
2019-02-18 11:34:00 -05:00
Fedora Release Engineering
b7968d8ead - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 15:27:18 +00:00
Igor Gnatenko
21eb591c1f Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:23:57 +01:00
Rob Crittenden
3103197f85 Pull in upstream fixes discovered in coverity and clang 2018-10-04 09:32:35 -04:00
Rob Crittenden
37cd032951 Improve NSS token handling
The updated NSS crypto-policy enables all tokens which broke
requesting certificates due to the way that tokens were managed.
2018-10-01 14:34:36 -04:00
Fedora Release Engineering
2ae7127155 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:41:43 +00:00
Jason Tibbitts
5deb371093 Remove needless use of %defattr 2018-07-10 00:29:44 -05:00
Adam Williamson
25f3d17e70 No longer buildrequire libidn-devel (as we use libidn2 now) 2018-05-18 15:18:39 -07:00
Rob Crittenden
f021a3d3fd Update to upstream 0.79.6 2018-05-08 13:08:07 -04:00
Iryna Shcherbina
3548e64705 Update Python 2 dependency declarations to new packaging standards 2018-03-15 00:30:33 +01:00
Rob Crittenden
c5174122f5 Fix unit tests. NSS crypto policy disallows keys < 1024 2018-02-23 13:41:55 -05:00
Rob Crittenden
21cdfd73c3 Add BuildRequires on gcc 2018-02-21 11:12:48 -05:00
Igor Gnatenko
e27a720d62
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 07:54:23 +01:00
Igor Gnatenko
24f7ad695b Remove BuildRoot definition
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-13 23:07:26 +01:00
Fedora Release Engineering
a1123016c0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 04:46:10 +00:00
Rob Crittenden
6155daa274 Fixes for F28 switch to sqlite as the default NSS database type
- Patch to fix NSS handling of keys in sqlite databases
- Patches to fix tests now that sqlite is the NSS default.

Also fix building in rawhide due to packaging changes

- Remove BR on mktemp. It is now provided by coreutils.
2018-01-16 16:14:56 -05:00
Rob Crittenden
3987281325 Switch BR from /usr/include/popt.h to popt-devel
The BuildRequires was setup to use a file because for some older
distributions popt.h was included in popt itself.

It's time to remove this workaround.
2017-10-04 13:35:02 -04:00
Rob Crittenden
41e3137ddf Update to 0.79.5
- update to 0.79.5:
   - getcert start-tracking: use issuer option when specified
   - add support for specifying the MS certificate template
   - Reformat certificates returned by Dogtag to strip extra newline

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
2017-09-01 16:15:10 -04:00
Rob Crittenden
7433273f05 Reformat certificates returned by Dogtag.
Dogtag was including a spurious newline before
-----END CERTIFICATE-----
2017-08-21 18:27:01 -04:00
Rob Crittenden
556a0b448b Update to 0.79.4
- update to 0.79.4:
  - fix CA option name for ipa cert-request
  - fix minor memory leak
  - fix build warnings
  - fix an incorrect date in the .spec changelog
  - bump gettext version to avoid warning

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
2017-08-07 17:56:14 -04:00
Fedora Release Engineering
b373412701 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 18:42:53 +00:00
Fedora Release Engineering
a5d6ea922f - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 04:41:03 +00:00
Nalin Dahyabhai
6ff35d776f Update to 0.79.3
- update to 0.79.3:
  - fix self-signing self-test cases that used DSA or EC keys

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-28 01:33:53 -05:00
Nalin Dahyabhai
c68c5e7f21 Update to 0.79.2-2
- update to 0.79.2:
  - update %%docs list because README is now README.md

- update to 0.79.1:
  - update translations
  - fix 'make archive' target

- update to 0.79:
  - getcert now offers an option (-X) for requesting processing by a particular
    CA if the server we're contacting is running more than one
  - getcert also offers options (--for-ca, --not-for-ca, --ca-path-length) for
    requesting BasicConstraints values
  - getcert now displays times in local time instead of UTC, which was
    previously the only way they were displayed; the --utc option can often be
    used to switch back to its previous behavior
  - the SCEP enrollment helper now correctly issues GetCACertChain requests to
    SCEP servers, instead of issuing a GetCAChain request, which isn't part of
    the protocol; from report by Jason Garland
  - when issuing SCEP requests, the ID of the CA included in the HTTP request
    is now URL-encoded, as it should be
  - renewal or notification-of-impending-expiration logic is now triggered
    closer to TTL thresholds rather than waiting for a periodic check to pass a
    threshold
  - properly builds with OpenSSL 1.1, thanks to Lukas Slebodnik and Tomas Mraz
    for a lot of the legwork
- resync .spec file with Fedora
- upstream project migrated from fedorahosted.org to pagure.io

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-27 22:03:49 -05:00
Fedora Release Engineering
a4236fbbbc - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 07:24:26 +00:00
Igor Gnatenko
d852149729 Rebuild for xmlrpc-c
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2017-01-21 14:49:59 +01:00
Nalin Dahyabhai
3f8a64cc9e Add backported fixes for test failures
Add backported fix to the tests to wait a reasonable amount of time
after calling the 'resubmit' method for a new certificate to be issued
when we're exercising the D-Bus API (backport done by Jan Cholasta,
2016-07-06 14:31:36 -04:00
Nalin Dahyabhai
93e4828d8d Use dbus-send instead of SIGHUP to reload the bus
Instead of using killall to send a SIGHUP to the system bus daemon in
%post to get it to reload its configuration, use dbus-send to send a
ReloadConfig request over the bus (should fix #1277573).
2016-07-06 13:45:36 -04:00