Commit Graph

136 Commits

Author SHA1 Message Date
Rob Crittenden
a89084be73 Sync with upstream: don't SIGKILL children, IPA JSON
- Don't send SIGKILL to child processes to terminate them
- Switch to JSON for communication with IPA
- Drop empty translation files in prep for dropping Zanata service
2020-09-18 14:27:14 -04:00
Fedora Release Engineering
cb253d4d52 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 13:50:28 +00:00
Rob Crittenden
772d7bd87c Fix for an unnecessary free() which can cause core dump.
https://pagure.io/certmonger/issue/163
2020-07-01 13:23:18 -04:00
Rob Crittenden
9e169141d1 Update to upstream 0.79.11 2020-06-30 13:35:48 -04:00
Rob Crittenden
d8aa717596 Update to upstream 0.79.10 2020-06-26 17:12:50 -04:00
Rob Crittenden
a170c390c3 Update to upstream 0.79.9 2020-01-31 14:27:20 -05:00
Fedora Release Engineering
64447f1ec7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 13:52:45 +00:00
Rob Crittenden
0d5116507b Use python 3 in tests, drop DSA tests disabled by policy
- Change python2-dbus build dependency to python3
- Convert tests to pass under python 3
- Skip DSA tests because it is disabled by default crypto policy
2019-10-30 13:27:58 -04:00
Fedora Release Engineering
fd501fe0b9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 20:07:08 +00:00
Rob Crittenden
21430b4d60 Update to upstream 0.79.8 2019-07-17 13:57:55 -04:00
Rob Crittenden
6f1c170b8b Add BuildRequires for krb5-devel, the buildroot changed 2019-05-22 15:23:43 -04:00
Rob Crittenden
2b5894b598 Move systemd tmpfiles from /var/run to /run
systemd 239 complains about the legacy of certmonger's tmpfiles
which are located in /var/run.

Change /var/run -> /run in systemd service file
2019-05-22 15:00:12 -04:00
Rob Crittenden
7eca3b6000 Update to upstream 0.79.7
Also fix rpm warning about embedded % in a comment
2019-02-18 11:34:00 -05:00
Fedora Release Engineering
b7968d8ead - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 15:27:18 +00:00
Igor Gnatenko
21eb591c1f Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:23:57 +01:00
Rob Crittenden
3103197f85 Pull in upstream fixes discovered in coverity and clang 2018-10-04 09:32:35 -04:00
Rob Crittenden
37cd032951 Improve NSS token handling
The updated NSS crypto-policy enables all tokens which broke
requesting certificates due to the way that tokens were managed.
2018-10-01 14:34:36 -04:00
Fedora Release Engineering
2ae7127155 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:41:43 +00:00
Jason Tibbitts
5deb371093 Remove needless use of %defattr 2018-07-10 00:29:44 -05:00
Adam Williamson
25f3d17e70 No longer buildrequire libidn-devel (as we use libidn2 now) 2018-05-18 15:18:39 -07:00
Rob Crittenden
f021a3d3fd Update to upstream 0.79.6 2018-05-08 13:08:07 -04:00
Iryna Shcherbina
3548e64705 Update Python 2 dependency declarations to new packaging standards 2018-03-15 00:30:33 +01:00
Rob Crittenden
c5174122f5 Fix unit tests. NSS crypto policy disallows keys < 1024 2018-02-23 13:41:55 -05:00
Rob Crittenden
21cdfd73c3 Add BuildRequires on gcc 2018-02-21 11:12:48 -05:00
Igor Gnatenko
e27a720d62
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 07:54:23 +01:00
Igor Gnatenko
24f7ad695b Remove BuildRoot definition
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-13 23:07:26 +01:00
Fedora Release Engineering
a1123016c0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 04:46:10 +00:00
Rob Crittenden
6155daa274 Fixes for F28 switch to sqlite as the default NSS database type
- Patch to fix NSS handling of keys in sqlite databases
- Patches to fix tests now that sqlite is the NSS default.

Also fix building in rawhide due to packaging changes

- Remove BR on mktemp. It is now provided by coreutils.
2018-01-16 16:14:56 -05:00
Rob Crittenden
3987281325 Switch BR from /usr/include/popt.h to popt-devel
The BuildRequires was setup to use a file because for some older
distributions popt.h was included in popt itself.

It's time to remove this workaround.
2017-10-04 13:35:02 -04:00
Rob Crittenden
41e3137ddf Update to 0.79.5
- update to 0.79.5:
   - getcert start-tracking: use issuer option when specified
   - add support for specifying the MS certificate template
   - Reformat certificates returned by Dogtag to strip extra newline

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
2017-09-01 16:15:10 -04:00
Rob Crittenden
7433273f05 Reformat certificates returned by Dogtag.
Dogtag was including a spurious newline before
-----END CERTIFICATE-----
2017-08-21 18:27:01 -04:00
Rob Crittenden
556a0b448b Update to 0.79.4
- update to 0.79.4:
  - fix CA option name for ipa cert-request
  - fix minor memory leak
  - fix build warnings
  - fix an incorrect date in the .spec changelog
  - bump gettext version to avoid warning

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
2017-08-07 17:56:14 -04:00
Fedora Release Engineering
b373412701 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 18:42:53 +00:00
Fedora Release Engineering
a5d6ea922f - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 04:41:03 +00:00
Nalin Dahyabhai
6ff35d776f Update to 0.79.3
- update to 0.79.3:
  - fix self-signing self-test cases that used DSA or EC keys

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-28 01:33:53 -05:00
Nalin Dahyabhai
c68c5e7f21 Update to 0.79.2-2
- update to 0.79.2:
  - update %%docs list because README is now README.md

- update to 0.79.1:
  - update translations
  - fix 'make archive' target

- update to 0.79:
  - getcert now offers an option (-X) for requesting processing by a particular
    CA if the server we're contacting is running more than one
  - getcert also offers options (--for-ca, --not-for-ca, --ca-path-length) for
    requesting BasicConstraints values
  - getcert now displays times in local time instead of UTC, which was
    previously the only way they were displayed; the --utc option can often be
    used to switch back to its previous behavior
  - the SCEP enrollment helper now correctly issues GetCACertChain requests to
    SCEP servers, instead of issuing a GetCAChain request, which isn't part of
    the protocol; from report by Jason Garland
  - when issuing SCEP requests, the ID of the CA included in the HTTP request
    is now URL-encoded, as it should be
  - renewal or notification-of-impending-expiration logic is now triggered
    closer to TTL thresholds rather than waiting for a periodic check to pass a
    threshold
  - properly builds with OpenSSL 1.1, thanks to Lukas Slebodnik and Tomas Mraz
    for a lot of the legwork
- resync .spec file with Fedora
- upstream project migrated from fedorahosted.org to pagure.io

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-27 22:03:49 -05:00
Fedora Release Engineering
a4236fbbbc - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 07:24:26 +00:00
Igor Gnatenko
d852149729 Rebuild for xmlrpc-c
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2017-01-21 14:49:59 +01:00
Nalin Dahyabhai
3f8a64cc9e Add backported fixes for test failures
Add backported fix to the tests to wait a reasonable amount of time
after calling the 'resubmit' method for a new certificate to be issued
when we're exercising the D-Bus API (backport done by Jan Cholasta,
2016-07-06 14:31:36 -04:00
Nalin Dahyabhai
93e4828d8d Use dbus-send instead of SIGHUP to reload the bus
Instead of using killall to send a SIGHUP to the system bus daemon in
%post to get it to reload its configuration, use dbus-send to send a
ReloadConfig request over the bus (should fix #1277573).
2016-07-06 13:45:36 -04:00
Dennis Gilmore
07d25c2dcf - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-03 17:33:39 +00:00
Nalin Dahyabhai
5f3c01e3a4 Update to 0.78.6
- document the -R, -N, -o, and -t flags for dogtag-ipa-renew-agent-submit
- stop checking that we can generate 512 bit keys during self-tests
2016-01-13 13:54:21 -05:00
Nalin Dahyabhai
1e4e4bd4df Update to 0.78.5
- fix a possible uninitialized memory read (possibly #1260871)
- log a diagnostic error when we fail to initialize libkrb5
2015-11-16 17:44:15 -05:00
Nalin Dahyabhai
c0ca98f8c4 Update to 0.78.4
Update to 0.78.4:
- fix the "getcert start-tracking" -L and -l options (#1249753)
- output diagnostics about the second request when scep-submit encounters an
  error during a second request to the SCEP server
2015-08-04 14:54:37 -04:00
Nalin Dahyabhai
cb61adfa6c Update to 0.78.3
- call poptGetOptArg() correctly, to fix parsing of the -R flag to scep-submit
  and the -O and -o flags to dogtag-submit (#1244914)
2015-07-20 15:29:52 -04:00
Nalin Dahyabhai
144e7dd1b0 Update to 0.78.2
- tweak initialization so that we set up for providing our D-Bus API before we
  register our name with the bus, so that we can handle any requests that
  arrive before the acknowledgement of that registration
- on systems that run systemd, add the right data file so that the service gets
  started when someone tries to talk to the daemon (ticket #38)
- correctly check for error responses when sending GetCAChain requests to SCEP
  servers
2015-07-09 20:21:53 -04:00
Nalin Dahyabhai
a85bb52ef3 Update to 0.78.1
- fixup the key-information-read test for DSA to account for certutil
  generating 1024 bit keys when we ask for more
- fix a typo in the package changelog
- add relevant references to bug reports and tickets in the 0.78 log
2015-06-21 02:21:52 -04:00
Nalin Dahyabhai
0760509e84 Update to 0.78
- switch to using popt for parsing command line arguments, continuing to
  use old help text for now so that we can catch up with translations (print
  old text for --help, new text (with longopts!) for -H)
- add some plumbing for eventually receiving per-certificate roots in
  addition to issued certificates and chain certificates
- add a "rekey" command to getcert, for triggering enrollment using a new
  key pair
- scep-submit: check for the Renewal capability, and default to taking
  advantage of it during rekeying, unless the new -n flag is specified to it
- dogtag-submit: add flags for passing user names, UDNs, passwords, and PINs
  to the helper
- dogtag-submit: add a flag for using the agent creds to do TLS client auth
  while submitting enrollment requests
- dogtag-submit: handle cases where we submit a request and the server
  returns a success code rather than just queuing the request
- ipa-submit: pass requested profile names to the server as an argument
  named "profile_id"; if the server gives us an "unrecognized argument"
  error, retry without it for compatibility's sake
- keygen: fix a possible crash if keygen fails to return a key from NSS
- correct the certmonger(8) man page's description of the -c flag, whic it
  used to call the -C flag
- add logic for setting ownership and permissions on certificates and keys
  when saving them to disk
- add configuration options "max_key_lifetime" and "max_key_use_count" for
  making automatic renewal prefer rekeying
2015-06-20 11:25:43 -04:00
Dennis Gilmore
b13cf66225 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 02:30:53 +00:00
Nalin Dahyabhai
d00093b7bf Whoops, actually update to 0.77.5 2015-05-28 10:25:45 -04:00