Compare commits
No commits in common. "c8" and "c10s" have entirely different histories.
@ -1 +0,0 @@
|
|||||||
ab77485e556d96c5c2b885ee3d0f27794276dfee SOURCES/certmonger-0.79.17.tar.gz
|
|
140
.gitignore
vendored
140
.gitignore
vendored
@ -1 +1,139 @@
|
|||||||
SOURCES/certmonger-0.79.17.tar.gz
|
certmonger-0.17.tar.gz
|
||||||
|
certmonger-0.18.tar.gz
|
||||||
|
certmonger-0.19.tar.gz
|
||||||
|
certmonger-0.20.tar.gz
|
||||||
|
certmonger-0.21.tar.gz
|
||||||
|
certmonger-0.22.tar.gz
|
||||||
|
certmonger-0.23.tar.gz
|
||||||
|
certmonger-0.24.tar.gz
|
||||||
|
certmonger-0.26.tar.gz
|
||||||
|
certmonger-0.28.tar.gz
|
||||||
|
/certmonger-0.30.tar.gz
|
||||||
|
/certmonger-0.32.tar.gz
|
||||||
|
/certmonger-0.34.tar.gz
|
||||||
|
/certmonger-0.35.tar.gz
|
||||||
|
/certmonger-0.35.1.tar.gz
|
||||||
|
/certmonger-0.36.tar.gz
|
||||||
|
/certmonger-0.37.tar.gz
|
||||||
|
/certmonger-0.38.tar.gz
|
||||||
|
/certmonger-0.39.tar.gz
|
||||||
|
/certmonger-0.40.tar.gz
|
||||||
|
/certmonger-0.41.tar.gz
|
||||||
|
/certmonger-0.42.tar.gz
|
||||||
|
/certmonger-0.43.tar.gz
|
||||||
|
/certmonger-0.44.tar.gz
|
||||||
|
/certmonger-0.45.tar.gz
|
||||||
|
/certmonger-0.46.tar.gz
|
||||||
|
/certmonger-0.49.tar.gz
|
||||||
|
/certmonger-0.49.tar.gz.sig
|
||||||
|
/certmonger-0.50.tar.gz
|
||||||
|
/certmonger-0.50.tar.gz.sig
|
||||||
|
/certmonger-0.51.tar.gz
|
||||||
|
/certmonger-0.51.tar.gz.sig
|
||||||
|
/certmonger-0.52.tar.gz
|
||||||
|
/certmonger-0.52.tar.gz.sig
|
||||||
|
/certmonger-0.54.tar.gz
|
||||||
|
/certmonger-0.54.tar.gz.sig
|
||||||
|
/certmonger-0.55.tar.gz
|
||||||
|
/certmonger-0.55.tar.gz.sig
|
||||||
|
/certmonger-0.56.tar.gz
|
||||||
|
/certmonger-0.56.tar.gz.sig
|
||||||
|
/certmonger-0.59.tar.gz
|
||||||
|
/certmonger-0.59.tar.gz.sig
|
||||||
|
/certmonger-0.60.tar.gz
|
||||||
|
/certmonger-0.60.tar.gz.sig
|
||||||
|
/certmonger-0.61.tar.gz
|
||||||
|
/certmonger-0.61.tar.gz.sig
|
||||||
|
/certmonger-0.62.tar.gz
|
||||||
|
/certmonger-0.62.tar.gz.sig
|
||||||
|
/certmonger-0.63.tar.gz
|
||||||
|
/certmonger-0.63.tar.gz.sig
|
||||||
|
/certmonger-0.65.tar.gz
|
||||||
|
/certmonger-0.65.tar.gz.sig
|
||||||
|
/certmonger-0.67.tar.gz
|
||||||
|
/certmonger-0.67.tar.gz.sig
|
||||||
|
/certmonger-0.68.tar.gz
|
||||||
|
/certmonger-0.68.tar.gz.sig
|
||||||
|
/certmonger-0.69.tar.gz
|
||||||
|
/certmonger-0.69.tar.gz.sig
|
||||||
|
/certmonger-0.70.tar.gz
|
||||||
|
/certmonger-0.70.tar.gz.sig
|
||||||
|
/certmonger-0.71.2.tar.gz
|
||||||
|
/certmonger-0.71.2.tar.gz.sig
|
||||||
|
/certmonger-0.73.tar.gz
|
||||||
|
/certmonger-0.73.tar.gz.sig
|
||||||
|
/certmonger-0.74.tar.gz
|
||||||
|
/certmonger-0.74.tar.gz.sig
|
||||||
|
/certmonger-0.75.tar.gz
|
||||||
|
/certmonger-0.75.tar.gz.sig
|
||||||
|
/certmonger-0.75.1.tar.gz
|
||||||
|
/certmonger-0.75.1.tar.gz.sig
|
||||||
|
/certmonger-0.75.2.tar.gz
|
||||||
|
/certmonger-0.75.2.tar.gz.sig
|
||||||
|
/certmonger-0.75.3.tar.gz
|
||||||
|
/certmonger-0.75.3.tar.gz.sig
|
||||||
|
/certmonger-0.75.5.tar.gz
|
||||||
|
/certmonger-0.75.5.tar.gz.sig
|
||||||
|
/certmonger-0.75.6.tar.gz
|
||||||
|
/certmonger-0.75.6.tar.gz.sig
|
||||||
|
/certmonger-0.75.8.tar.gz
|
||||||
|
/certmonger-0.75.8.tar.gz.sig
|
||||||
|
/certmonger-0.75.9.tar.gz
|
||||||
|
/certmonger-0.75.9.tar.gz.sig
|
||||||
|
/certmonger-0.75.10.tar.gz
|
||||||
|
/certmonger-0.75.10.tar.gz.sig
|
||||||
|
/certmonger-0.75.13.tar.gz
|
||||||
|
/certmonger-0.75.13.tar.gz.sig
|
||||||
|
/certmonger-0.75.14.tar.gz
|
||||||
|
/certmonger-0.75.14.tar.gz.sig
|
||||||
|
/certmonger-0.76.6.tar.gz
|
||||||
|
/certmonger-0.76.6.tar.gz.sig
|
||||||
|
/certmonger-0.76.7.tar.gz
|
||||||
|
/certmonger-0.76.7.tar.gz.sig
|
||||||
|
/certmonger-0.76.8.tar.gz
|
||||||
|
/certmonger-0.76.8.tar.gz.sig
|
||||||
|
/certmonger-0.77.1.tar.gz
|
||||||
|
/certmonger-0.77.1.tar.gz.sig
|
||||||
|
/certmonger-0.77.2.tar.gz
|
||||||
|
/certmonger-0.77.2.tar.gz.sig
|
||||||
|
/certmonger-0.77.3.tar.gz
|
||||||
|
/certmonger-0.77.3.tar.gz.sig
|
||||||
|
/certmonger-0.77.4.tar.gz
|
||||||
|
/certmonger-0.77.4.tar.gz.sig
|
||||||
|
/certmonger-0.77.5.tar.gz
|
||||||
|
/certmonger-0.77.5.tar.gz.sig
|
||||||
|
/certmonger-0.78.tar.gz
|
||||||
|
/certmonger-0.78.tar.gz.sig
|
||||||
|
/certmonger-0.78.1.tar.gz
|
||||||
|
/certmonger-0.78.1.tar.gz.sig
|
||||||
|
/certmonger-0.78.2.tar.gz
|
||||||
|
/certmonger-0.78.2.tar.gz.sig
|
||||||
|
/certmonger-0.78.3.tar.gz
|
||||||
|
/certmonger-0.78.3.tar.gz.sig
|
||||||
|
/certmonger-0.78.4.tar.gz
|
||||||
|
/certmonger-0.78.4.tar.gz.sig
|
||||||
|
/certmonger-0.78.5.tar.gz
|
||||||
|
/certmonger-0.78.5.tar.gz.sig
|
||||||
|
/certmonger-0.78.6.tar.gz
|
||||||
|
/certmonger-0.78.6.tar.gz.sig
|
||||||
|
/certmonger-0.79.2.tar.gz
|
||||||
|
/certmonger-0.79.2.tar.gz.sig
|
||||||
|
/certmonger-0.79.3.tar.gz
|
||||||
|
/certmonger-0.79.3.tar.gz.sig
|
||||||
|
/certmonger-0.79.4.tar.gz
|
||||||
|
/certmonger-0.79.5.tar.gz
|
||||||
|
/certmonger-0.79.6.tar.gz
|
||||||
|
/certmonger-0.79.7.tar.gz
|
||||||
|
/certmonger-0.79.8.tar.gz
|
||||||
|
/certmonger-0.79.9.tar.gz
|
||||||
|
/certmonger-0.79.10.tar.gz
|
||||||
|
/certmonger-0.79.11.tar.gz
|
||||||
|
/certmonger-0.79.12.tar.gz
|
||||||
|
/certmonger-0.79.13.tar.gz
|
||||||
|
/certmonger-0.79.14.tar.gz
|
||||||
|
/certmonger-0.79.15.tar.gz
|
||||||
|
/certmonger-0.79.16.tar.gz
|
||||||
|
/certmonger-0.79.17.tar.gz
|
||||||
|
/certmonger-0.79.18.tar.gz
|
||||||
|
/certmonger-0.79.19.tar.gz
|
||||||
|
/certmonger-0.79.20.tar.gz
|
||||||
|
29
0001-Don-t-free-soptions-while-it-is-still-needed.patch
Normal file
29
0001-Don-t-free-soptions-while-it-is-still-needed.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From c5270bde4dab84f18c347e82376ef00733865247 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Wed, 1 Jul 2020 10:46:50 -0400
|
||||||
|
Subject: [PATCH] Don't free soptions while it is still needed
|
||||||
|
|
||||||
|
Introduced in fbcf03dd44007a9b231e9396cc418a00e1a4b49a trying
|
||||||
|
to avoid leaking soptions and aoptions.
|
||||||
|
|
||||||
|
https://pagure.io/certmonger/issue/163
|
||||||
|
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
---
|
||||||
|
src/dogtag.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/dogtag.c b/src/dogtag.c
|
||||||
|
index 91c9c588..faf81f97 100644
|
||||||
|
--- a/src/dogtag.c
|
||||||
|
+++ b/src/dogtag.c
|
||||||
|
@@ -579,7 +579,6 @@ main(int argc, const char **argv)
|
||||||
|
pin = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- free(soptions);
|
||||||
|
/* Add client creds. */
|
||||||
|
if (uid != NULL) {
|
||||||
|
uid = cm_submit_u_url_encode(uid);
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
@ -0,0 +1,28 @@
|
|||||||
|
From 00e948049acf0ca1b61ed9c2b8579b06b4bcb46a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Tue, 18 Aug 2020 14:33:17 -0400
|
||||||
|
Subject: [PATCH 02/11] Don't send SIGKILL to children, give them a chance to
|
||||||
|
die
|
||||||
|
|
||||||
|
This was causing issues in IPA which uses a lock file to
|
||||||
|
serialize some operations. The kill was leaving the lock in
|
||||||
|
place causing things to time out.
|
||||||
|
---
|
||||||
|
src/subproc.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/subproc.c b/src/subproc.c
|
||||||
|
index 8df836ae..70d4ed93 100644
|
||||||
|
--- a/src/subproc.c
|
||||||
|
+++ b/src/subproc.c
|
||||||
|
@@ -240,7 +240,6 @@ cm_subproc_done(struct cm_subproc_state *state)
|
||||||
|
|
||||||
|
if (state != NULL) {
|
||||||
|
if (state->pid != -1) {
|
||||||
|
- kill(state->pid, SIGKILL);
|
||||||
|
do {
|
||||||
|
pid = waitpid(state->pid, &state->status, 0);
|
||||||
|
cm_log(4, "Waited for %ld, got %ld.\n",
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
204174
0003-Remove-empty-translation-files.patch
Normal file
204174
0003-Remove-empty-translation-files.patch
Normal file
File diff suppressed because it is too large
Load Diff
28
0004-remove-dead-make-targets.patch
Normal file
28
0004-remove-dead-make-targets.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From 93974735c31e653acc0d3de7e1cb165dbe764aef Mon Sep 17 00:00:00 2001
|
||||||
|
From: Fraser Tweedale <ftweedal@redhat.com>
|
||||||
|
Date: Wed, 16 Sep 2020 15:49:00 +1000
|
||||||
|
Subject: [PATCH 04/11] remove dead make targets
|
||||||
|
|
||||||
|
Commit 13abd68c7b862719e7b0ed065906cc28c6157a41 removed some files,
|
||||||
|
but left dangling references to those files in tests/Makefile.am,
|
||||||
|
breaking the build. Delete references to the deleted files.
|
||||||
|
---
|
||||||
|
tests/Makefile.am | 2 --
|
||||||
|
1 file changed, 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index c1ce8412..013d34bf 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -156,8 +156,6 @@ EXTRA_DIST = \
|
||||||
|
002-keygen-dsa/prequal.sh \
|
||||||
|
002-keygen-dsa/run.sh \
|
||||||
|
002-keygen-dsa/expected.out \
|
||||||
|
- 002-keygen-dsa/expected.out.2 \
|
||||||
|
- 002-keygen-dsa/expected.out.3 \
|
||||||
|
002-keygen-ec/prequal.sh \
|
||||||
|
002-keygen-ec/run.sh \
|
||||||
|
002-keygen-ec/expected.out \
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
201
0005-Require-jansson-for-IPA-RPC-calls-make-xmlrpc-option.patch
Normal file
201
0005-Require-jansson-for-IPA-RPC-calls-make-xmlrpc-option.patch
Normal file
@ -0,0 +1,201 @@
|
|||||||
|
From 1de7c2e7d4f3557bb45b9526016b766c7119c6ad Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Thu, 20 Aug 2020 16:52:13 -0400
|
||||||
|
Subject: [PATCH 05/11] Require jansson for IPA RPC calls, make xmlrpc optional
|
||||||
|
|
||||||
|
xmlrpc is now only used for certmaster
|
||||||
|
|
||||||
|
IPA will only make JSON RPC calls to retrieve certificates
|
||||||
|
---
|
||||||
|
configure.ac | 59 ++++++++++++++++++++++++++++++-------------------
|
||||||
|
src/Makefile.am | 33 ++++++++++++++++++++-------
|
||||||
|
2 files changed, 61 insertions(+), 31 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index abcd6d84..14991244 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -278,29 +278,42 @@ if ! ${configure_dist_target_only:-false} ; then
|
||||||
|
CPPFLAGS="$savedCPPFLAGS"
|
||||||
|
LDFLAGS="$savedLDFLAGS"
|
||||||
|
|
||||||
|
- dnl PKG_CHECK_MODULES(XMLRPC,xmlrpc_client) # Not provided in upstream versions.
|
||||||
|
- savedCFLAGS="$CFLAGS"
|
||||||
|
- CFLAGS=
|
||||||
|
- AC_ARG_VAR(XMLRPC_C_CONFIG,[the full path of the xmlrpc-c-config command])
|
||||||
|
- AC_PATH_PROG(XMLRPC_C_CONFIG,[xmlrpc-c-config],,[$PATH$PATH_SEPARATOR/usr/xmlrpc/bin$PATH_SEPARATOR/usr/xmlrpc-c/bin])
|
||||||
|
- if test -z "$XMLRPC_C_CONFIG" ; then
|
||||||
|
- AC_MSG_ERROR(xmlrpc-c-config not found)
|
||||||
|
- fi
|
||||||
|
- AC_MSG_CHECKING(for XMLRPC CFLAGS)
|
||||||
|
- XMLRPC_CFLAGS="`${XMLRPC_C_CONFIG} client --cflags` `${XMLRPC_C_CONFIG} --cflags`"
|
||||||
|
- AC_MSG_RESULT([$XMLRPC_CFLAGS])
|
||||||
|
- AC_SUBST(XMLRPC_CFLAGS)
|
||||||
|
- AC_MSG_CHECKING(for XMLRPC LIBS)
|
||||||
|
- XMLRPC_LIBS="`${XMLRPC_C_CONFIG} client --libs` `${XMLRPC_C_CONFIG} --libs`"
|
||||||
|
- AC_MSG_RESULT([$XMLRPC_LIBS])
|
||||||
|
- AC_SUBST(XMLRPC_LIBS)
|
||||||
|
- CFLAGS="$CFLAGS $XMLRPC_CFLAGS"
|
||||||
|
- AC_CHECK_MEMBERS(struct xmlrpc_curl_xportparms.gssapi_delegation,,,
|
||||||
|
- [
|
||||||
|
- #include <xmlrpc-c/client.h>
|
||||||
|
- #include <xmlrpc-c/transport.h>
|
||||||
|
- ])
|
||||||
|
- CFLAGS="$savedCFLAGS"
|
||||||
|
+ PKG_CHECK_MODULES(JANSSON,jansson)
|
||||||
|
+ have_jansson=true
|
||||||
|
+
|
||||||
|
+ AC_ARG_WITH([xmlrpc],
|
||||||
|
+ [AC_HELP_STRING([--with-xmlrpc], [Enable XML-RPC support])],
|
||||||
|
+ [with_xmlrpc=${with_xmlrpc}],
|
||||||
|
+ [with_xmlrpc=no])
|
||||||
|
+ AS_IF([test x"$with_xmlrpc" = xyes], [AC_DEFINE([WITH_XMLRPC], [1],
|
||||||
|
+ [include XMLRPC support])])
|
||||||
|
+ AM_CONDITIONAL(WITH_XMLRPC,test x"$with_xmlrpc" = xyes)
|
||||||
|
+
|
||||||
|
+ AS_IF([test x"$with_xmlrpc" = xyes], [
|
||||||
|
+ dnl PKG_CHECK_MODULES(XMLRPC,xmlrpc_client) # Not provided in upstream versions.
|
||||||
|
+ savedCFLAGS="$CFLAGS"
|
||||||
|
+ CFLAGS=
|
||||||
|
+ AC_ARG_VAR(XMLRPC_C_CONFIG,[the full path of the xmlrpc-c-config command])
|
||||||
|
+ AC_PATH_PROG(XMLRPC_C_CONFIG,[xmlrpc-c-config],,[$PATH$PATH_SEPARATOR/usr/xmlrpc/bin$PATH_SEPARATOR/usr/xmlrpc-c/bin])
|
||||||
|
+ if test -z "$XMLRPC_C_CONFIG" ; then
|
||||||
|
+ AC_MSG_ERROR(xmlrpc-c-config not found)
|
||||||
|
+ fi
|
||||||
|
+ AC_MSG_CHECKING(for XMLRPC CFLAGS)
|
||||||
|
+ XMLRPC_CFLAGS="`${XMLRPC_C_CONFIG} client --cflags` `${XMLRPC_C_CONFIG} --cflags`"
|
||||||
|
+ AC_MSG_RESULT([$XMLRPC_CFLAGS])
|
||||||
|
+ AC_SUBST(XMLRPC_CFLAGS)
|
||||||
|
+ AC_MSG_CHECKING(for XMLRPC LIBS)
|
||||||
|
+ XMLRPC_LIBS="`${XMLRPC_C_CONFIG} client --libs` `${XMLRPC_C_CONFIG} --libs`"
|
||||||
|
+ AC_MSG_RESULT([$XMLRPC_LIBS])
|
||||||
|
+ AC_SUBST(XMLRPC_LIBS)
|
||||||
|
+ CFLAGS="$CFLAGS $XMLRPC_CFLAGS"
|
||||||
|
+ AC_CHECK_MEMBERS(struct xmlrpc_curl_xportparms.gssapi_delegation,,,
|
||||||
|
+ [
|
||||||
|
+ #include <xmlrpc-c/client.h>
|
||||||
|
+ #include <xmlrpc-c/transport.h>
|
||||||
|
+ ])
|
||||||
|
+ CFLAGS="$savedCFLAGS"
|
||||||
|
+ ])
|
||||||
|
|
||||||
|
savedCFLAGS="$CFLAGS"
|
||||||
|
savedCPPFLAGS="$CPPFLAGS"
|
||||||
|
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||||
|
index 5343dbc4..13bd87d9 100644
|
||||||
|
--- a/src/Makefile.am
|
||||||
|
+++ b/src/Makefile.am
|
||||||
|
@@ -11,15 +11,17 @@ LDFLAGS += -Wl,-z,relro,-z,now
|
||||||
|
endif
|
||||||
|
man_MANS = certmonger.8 getcert.1 getcert-request.1 getcert-list.1 \
|
||||||
|
getcert-list-cas.1 getcert-start-tracking.1 getcert-stop-tracking.1 \
|
||||||
|
- selfsign-getcert.1 ipa-getcert.1 certmaster-getcert.1 \
|
||||||
|
+ selfsign-getcert.1 ipa-getcert.1 \
|
||||||
|
getcert-resubmit.1 certmonger-ipa-submit.8 \
|
||||||
|
- certmonger-certmaster-submit.8 \
|
||||||
|
certmonger-dogtag-ipa-renew-agent-submit.8 certmonger.conf.5 \
|
||||||
|
getcert-refresh.1 getcert-refresh-ca.1 local-getcert.1 \
|
||||||
|
certmonger-local-submit.8 getcert-status.1 \
|
||||||
|
certmonger-dogtag-submit.8 certmonger-scep-submit.8 \
|
||||||
|
getcert-add-ca.1 getcert-add-scep-ca.1 getcert-modify-ca.1 \
|
||||||
|
getcert-remove-ca.1 getcert-rekey.1
|
||||||
|
+if WITH_XMLRPC
|
||||||
|
+man_MANS += certmaster-getcert.1 certmonger-certmaster-submit.8
|
||||||
|
+endif
|
||||||
|
pkgsysconfdir = $(sysconfdir)/$(PACKAGE)
|
||||||
|
pkgsysconf_DATA = certmonger.conf
|
||||||
|
EXTRA_PROGRAMS =
|
||||||
|
@@ -105,8 +107,6 @@ libcm_a_SOURCES = \
|
||||||
|
submit-sn.c \
|
||||||
|
submit-u.c \
|
||||||
|
submit-u.h \
|
||||||
|
- submit-x.c \
|
||||||
|
- submit-x.h \
|
||||||
|
subproc.c \
|
||||||
|
subproc.h \
|
||||||
|
tdbus.c \
|
||||||
|
@@ -121,6 +121,11 @@ libcm_a_SOURCES = \
|
||||||
|
util-m.h \
|
||||||
|
util-n.c \
|
||||||
|
util-n.h
|
||||||
|
+if WITH_XMLRPC
|
||||||
|
+libcm_a_SOURCES += \
|
||||||
|
+ submit-x.c \
|
||||||
|
+ submit-x.h
|
||||||
|
+endif
|
||||||
|
libcm_o_a_SOURCES =
|
||||||
|
if HAVE_OPENSSL
|
||||||
|
libcm_o_a_SOURCES += \
|
||||||
|
@@ -158,11 +163,13 @@ ipa_getcert_SOURCES = ipa-getcert.c tm.c tm.h
|
||||||
|
ipa_getcert_LDADD = $(getcert_LDADD)
|
||||||
|
endif
|
||||||
|
if WITH_IPA
|
||||||
|
+if WITH_XMLRPC
|
||||||
|
bin_PROGRAMS += certmaster-getcert
|
||||||
|
certmaster_getcert_CFLAGS = $(getcert_CFLAGS)
|
||||||
|
certmaster_getcert_SOURCES = certmaster-getcert.c tm.c tm.h
|
||||||
|
certmaster_getcert_LDADD = $(getcert_LDADD)
|
||||||
|
endif
|
||||||
|
+endif
|
||||||
|
bin_PROGRAMS += selfsign-getcert
|
||||||
|
selfsign_getcert_CFLAGS = $(getcert_CFLAGS)
|
||||||
|
selfsign_getcert_SOURCES = selfsign-getcert.c tm.c tm.h
|
||||||
|
@@ -181,21 +188,28 @@ certmonger_session_SOURCES = main.c env-session.c tm.c tm.h
|
||||||
|
certmonger_session_LDADD = libcm.a \
|
||||||
|
$(OPENSSL_LIBS) $(CERTMONGER_LIBS) $(KRB5_LIBS) $(IDN_LIBS) \
|
||||||
|
$(GMP_LIBS) $(UUID_LIBS) $(POPT_LIBS) $(LTLIBICONV) $(LDAP_LIBS)
|
||||||
|
-noinst_PROGRAMS = tdbusm-check serial-check nl-check submit-x toklist
|
||||||
|
+noinst_PROGRAMS = tdbusm-check serial-check nl-check toklist
|
||||||
|
+if WITH_XMLRPC
|
||||||
|
+noinst_PROGRAMS += submit-x
|
||||||
|
+endif
|
||||||
|
tdbusm_check_SOURCES = tdbusm-check.c tm.c tm.h
|
||||||
|
tdbusm_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(POPT_LIBS) $(LDAP_LIBS)
|
||||||
|
serial_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(LTLIBICONV) $(LDAP_LIBS)
|
||||||
|
nl_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(LDAP_LIBS)
|
||||||
|
+if WITH_XMLRPC
|
||||||
|
submit_x_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS) -DCM_SUBMIT_X_MAIN
|
||||||
|
submit_x_SOURCES = submit-x.c submit-x.h submit-u.c submit-u.h log.c log.h \
|
||||||
|
tm.c tm.h
|
||||||
|
submit_x_LDADD = $(XMLRPC_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \
|
||||||
|
$(GMP_LIBS) $(UUID_LIBS) $(POPT_LIBS)
|
||||||
|
+endif
|
||||||
|
toklist_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
|
||||||
|
toklist_LDADD = $(NSS_LIBS) $(POPT_LIBS)
|
||||||
|
if WITH_CERTMASTER
|
||||||
|
+if WITH_XMLRPC
|
||||||
|
pkglibexec_PROGRAMS += certmaster-submit
|
||||||
|
endif
|
||||||
|
+endif
|
||||||
|
if WITH_IPA
|
||||||
|
pkglibexec_PROGRAMS += ipa-submit
|
||||||
|
endif
|
||||||
|
@@ -205,19 +219,22 @@ pkglibexec_PROGRAMS += local-submit
|
||||||
|
pkglibexec_PROGRAMS += scep-submit
|
||||||
|
endif
|
||||||
|
noinst_PROGRAMS += submit-h submit-d
|
||||||
|
-ipa_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
|
||||||
|
+ipa_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS) $(CURL_CFLAGS) $(JANSSON_CFLAGS)
|
||||||
|
ipa_submit_SOURCES = ipa.c srvloc.c srvloc.h store.h store-gen.c \
|
||||||
|
- submit-x.c submit-x.h submit-u.c submit-u.h \
|
||||||
|
+ submit-h.c submit-h.h submit-u.c submit-u.h \
|
||||||
|
submit-e.h util.c util.h log.c log.h tm.c tm.h
|
||||||
|
ipa_submit_LDADD = $(XMLRPC_LIBS) $(LDAP_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \
|
||||||
|
$(GMP_LIBS) $(IDN_LIBS) $(OPENSSL_LIBS) $(UUID_LIBS) \
|
||||||
|
- $(RESOLV_LIBS) $(LTLIBICONV) $(POPT_LIBS)
|
||||||
|
+ $(RESOLV_LIBS) $(LTLIBICONV) $(POPT_LIBS) $(CURL_LIBS) \
|
||||||
|
+ $(JANSSON_LIBS)
|
||||||
|
+if WITH_XMLRPC
|
||||||
|
certmaster_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
|
||||||
|
certmaster_submit_SOURCES = certmaster.c submit-x.c submit-x.h \
|
||||||
|
submit-e.h submit-u.c submit-u.h util.c util.h log.c log.h \
|
||||||
|
tm.c tm.h
|
||||||
|
certmaster_submit_LDADD = $(XMLRPC_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \
|
||||||
|
$(GMP_LIBS) $(UUID_LIBS) $(LTLIBICONV) $(POPT_LIBS)
|
||||||
|
+endif
|
||||||
|
dogtag_ipa_renew_agent_submit_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) \
|
||||||
|
$(NSS_CFLAGS) $(CURL_CFLAGS) \
|
||||||
|
-DDOGTAG_IPA_RENEW_AGENT=1
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
@ -0,0 +1,93 @@
|
|||||||
|
From aedf7f646f28d58c6bc422423401c1d0eb31ee75 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Thu, 20 Aug 2020 16:53:50 -0400
|
||||||
|
Subject: [PATCH 06/11] Make xmlrpc optional in the certmonger spec file,
|
||||||
|
disable certmaster
|
||||||
|
|
||||||
|
This disables certmaster support by default since it requires
|
||||||
|
xmlrpc
|
||||||
|
---
|
||||||
|
certmonger.spec | 22 +++++++++++++++++++++-
|
||||||
|
configure.ac | 1 +
|
||||||
|
2 files changed, 22 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/certmonger.spec b/certmonger.spec
|
||||||
|
index e1f5536e..a8e1d2e8 100644
|
||||||
|
--- a/certmonger.spec
|
||||||
|
+++ b/certmonger.spec
|
||||||
|
@@ -24,6 +24,8 @@
|
||||||
|
%global sysvinitdir %{_initrddir}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
+%bcond_with xmlrpc
|
||||||
|
+
|
||||||
|
Name: certmonger
|
||||||
|
Version: 0.79.11
|
||||||
|
Release: 1%{?dist}
|
||||||
|
@@ -37,6 +39,7 @@ Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
||||||
|
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||||
|
|
||||||
|
BuildRequires: openldap-devel
|
||||||
|
+BuildRequires: krb5-devel
|
||||||
|
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel, libidn2-devel
|
||||||
|
BuildRequires: autoconf, automake, gcc, gettext-devel
|
||||||
|
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
|
||||||
|
@@ -50,7 +53,11 @@ BuildRequires: libcurl-devel
|
||||||
|
%else
|
||||||
|
BuildRequires: curl-devel
|
||||||
|
%endif
|
||||||
|
-BuildRequires: libxml2-devel, xmlrpc-c-devel
|
||||||
|
+BuildRequires: libxml2-devel
|
||||||
|
+%if %{with xmlrpc}
|
||||||
|
+BuildRequires: xmlrpc-c-devel
|
||||||
|
+%endif
|
||||||
|
+BuildRequires: jansson-devel
|
||||||
|
%if 0%{?rhel} && 0%{?rhel} < 6
|
||||||
|
BuildRequires: bind-libbind-devel
|
||||||
|
BuildRequires: mktemp
|
||||||
|
@@ -132,10 +139,17 @@ sed -i 's,^# chkconfig: - ,# chkconfig: 345 ,g' sysvinit/certmonger.in
|
||||||
|
--enable-tmpfiles \
|
||||||
|
%endif
|
||||||
|
--with-homedir=/run/certmonger \
|
||||||
|
+%if %{with xmlrpc}
|
||||||
|
+ --with-xmlrpc \
|
||||||
|
+%endif
|
||||||
|
--with-tmpdir=/run/certmonger --enable-pie --enable-now
|
||||||
|
+%if %{with xmlrpc}
|
||||||
|
# For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just
|
||||||
|
# tell us about libxmlrpc_client, but we need more. Work around.
|
||||||
|
make %{?_smp_mflags} XMLRPC_LIBS="-lxmlrpc_client -lxmlrpc_util -lxmlrpc"
|
||||||
|
+%else
|
||||||
|
+make %{?_smp_mflags}
|
||||||
|
+%endif
|
||||||
|
|
||||||
|
%install
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
@@ -154,6 +168,12 @@ rm -rf $RPM_BUILD_ROOT
|
||||||
|
if test $1 -eq 1 ; then
|
||||||
|
%{_bindir}/dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig 2>&1 || :
|
||||||
|
fi
|
||||||
|
+%if %{without xmlrpc}
|
||||||
|
+# remove any existing certmaster CA configuration
|
||||||
|
+if test $1 -gt 1 ; then
|
||||||
|
+ %{_bindir}/getcert remove-ca -c certmaster 2>&1 || :
|
||||||
|
+fi
|
||||||
|
+%endif
|
||||||
|
%if %{systemd}
|
||||||
|
if test $1 -eq 1 ; then
|
||||||
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 14991244..f2964856 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -876,6 +876,7 @@ else
|
||||||
|
AM_CONDITIONAL(HAVE_EC,false)
|
||||||
|
AM_CONDITIONAL(WITH_IPA,false)
|
||||||
|
AM_CONDITIONAL(WITH_CERTMASTER,false)
|
||||||
|
+ AM_CONDITIONAL(WITH_XMLRPC,false)
|
||||||
|
AM_CONDITIONAL(WITH_LOCAL,false)
|
||||||
|
AM_CONDITIONAL(HAVE_UUID,false)
|
||||||
|
fi
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
155
0007-Add-Referer-header-option-to-the-submit-h-API.patch
Normal file
155
0007-Add-Referer-header-option-to-the-submit-h-API.patch
Normal file
@ -0,0 +1,155 @@
|
|||||||
|
From 4347ce74b0001c002cb449b8dd63819634e980ae Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Thu, 20 Aug 2020 16:55:36 -0400
|
||||||
|
Subject: [PATCH 07/11] Add Referer header option to the submit-h API
|
||||||
|
|
||||||
|
This will allow IPA API requests that require the Referer header
|
||||||
|
to be set.
|
||||||
|
---
|
||||||
|
src/dogtag.c | 2 +-
|
||||||
|
src/scep.c | 6 +++---
|
||||||
|
src/submit-d.c | 2 +-
|
||||||
|
src/submit-h.c | 20 +++++++++++++++-----
|
||||||
|
src/submit-h.h | 1 +
|
||||||
|
5 files changed, 21 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/dogtag.c b/src/dogtag.c
|
||||||
|
index faf81f97..d36ac008 100644
|
||||||
|
--- a/src/dogtag.c
|
||||||
|
+++ b/src/dogtag.c
|
||||||
|
@@ -691,7 +691,7 @@ main(int argc, const char **argv)
|
||||||
|
/* Submit the form(s). */
|
||||||
|
hctx = NULL;
|
||||||
|
while (url != NULL) {
|
||||||
|
- hctx = cm_submit_h_init(ctx, method, url, params, NULL, NULL,
|
||||||
|
+ hctx = cm_submit_h_init(ctx, method, url, params, NULL, NULL, NULL,
|
||||||
|
cainfo, capath, sslcert, sslkey, sslpin,
|
||||||
|
cm_submit_h_negotiate_off,
|
||||||
|
cm_submit_h_delegate_off,
|
||||||
|
diff --git a/src/scep.c b/src/scep.c
|
||||||
|
index c74ca574..e384e8da 100644
|
||||||
|
--- a/src/scep.c
|
||||||
|
+++ b/src/scep.c
|
||||||
|
@@ -496,7 +496,7 @@ main(int argc, const char **argv)
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Submit the first request. */
|
||||||
|
- hctx = cm_submit_h_init(ctx, "GET", url, params, NULL, NULL,
|
||||||
|
+ hctx = cm_submit_h_init(ctx, "GET", url, params, NULL, NULL, NULL,
|
||||||
|
cainfo, NULL, NULL, NULL, NULL,
|
||||||
|
cm_submit_h_negotiate_off,
|
||||||
|
cm_submit_h_delegate_off,
|
||||||
|
@@ -593,7 +593,7 @@ main(int argc, const char **argv)
|
||||||
|
}
|
||||||
|
/* Submit a second HTTP request if we have one to make. */
|
||||||
|
if (params2 != NULL) {
|
||||||
|
- hctx = cm_submit_h_init(ctx, "GET", url, params2, NULL, NULL,
|
||||||
|
+ hctx = cm_submit_h_init(ctx, "GET", url, params2, NULL, NULL, NULL,
|
||||||
|
NULL, NULL, NULL, NULL, NULL,
|
||||||
|
cm_submit_h_negotiate_off,
|
||||||
|
cm_submit_h_delegate_off,
|
||||||
|
@@ -794,7 +794,7 @@ main(int argc, const char **argv)
|
||||||
|
OP_GET_CA_CERT
|
||||||
|
"&message=%d", i++);
|
||||||
|
hctx = cm_submit_h_init(ctx, "GET", url, params,
|
||||||
|
- NULL, NULL, NULL, NULL,
|
||||||
|
+ NULL, NULL, NULL, NULL, NULL,
|
||||||
|
NULL, NULL, NULL,
|
||||||
|
cm_submit_h_negotiate_off,
|
||||||
|
cm_submit_h_delegate_off,
|
||||||
|
diff --git a/src/submit-d.c b/src/submit-d.c
|
||||||
|
index 3adaa4a6..f1877c34 100644
|
||||||
|
--- a/src/submit-d.c
|
||||||
|
+++ b/src/submit-d.c
|
||||||
|
@@ -1188,7 +1188,7 @@ restart:
|
||||||
|
fprintf(stderr, "url = \"%s%s%s\"\n", uri,
|
||||||
|
params ? "?" : "", params ? params : "");
|
||||||
|
}
|
||||||
|
- hctx = cm_submit_h_init(ctx, method, uri, params, NULL, NULL,
|
||||||
|
+ hctx = cm_submit_h_init(ctx, method, uri, params, NULL, NULL, NULL,
|
||||||
|
cainfo, capath, sslcert, sslkey, sslpin,
|
||||||
|
cm_submit_h_negotiate_off,
|
||||||
|
cm_submit_h_delegate_off,
|
||||||
|
diff --git a/src/submit-h.c b/src/submit-h.c
|
||||||
|
index 9b507dbe..c04909b1 100644
|
||||||
|
--- a/src/submit-h.c
|
||||||
|
+++ b/src/submit-h.c
|
||||||
|
@@ -51,7 +51,7 @@
|
||||||
|
struct cm_submit_h_context {
|
||||||
|
int ret;
|
||||||
|
long response_code;
|
||||||
|
- char *method, *uri, *args, *accept, *ctype, *cainfo, *capath, *result;
|
||||||
|
+ char *method, *uri, *args, *accept, *ctype, *referer, *cainfo, *capath, *result;
|
||||||
|
int result_length;
|
||||||
|
char *sslcert, *sslkey, *sslpass;
|
||||||
|
enum cm_submit_h_opt_negotiate negotiate;
|
||||||
|
@@ -66,7 +66,7 @@ struct cm_submit_h_context *
|
||||||
|
cm_submit_h_init(void *parent,
|
||||||
|
const char *method, const char *uri, const char *args,
|
||||||
|
const char *content_type, const char *accept,
|
||||||
|
- const char *cainfo, const char *capath,
|
||||||
|
+ const char *referer, const char *cainfo, const char *capath,
|
||||||
|
const char *sslcert, const char *sslkey, const char *sslpass,
|
||||||
|
enum cm_submit_h_opt_negotiate neg,
|
||||||
|
enum cm_submit_h_opt_delegate del,
|
||||||
|
@@ -84,6 +84,7 @@ cm_submit_h_init(void *parent,
|
||||||
|
ctx->ctype = content_type ?
|
||||||
|
talloc_strdup(ctx, content_type) :
|
||||||
|
NULL;
|
||||||
|
+ ctx->referer = referer ? talloc_strdup(ctx, referer) : NULL;
|
||||||
|
ctx->accept = accept ? talloc_strdup(ctx, accept) : NULL;
|
||||||
|
ctx->cainfo = cainfo ? talloc_strdup(ctx, cainfo) : NULL;
|
||||||
|
ctx->capath = capath ? talloc_strdup(ctx, capath) : NULL;
|
||||||
|
@@ -180,10 +181,11 @@ cm_submit_h_run(struct cm_submit_h_context *ctx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (ctx->negotiate == cm_submit_h_negotiate_on) {
|
||||||
|
-#if defined(CURLOPT_HTTPAUTH) && defined(CURLAUTH_GSSNEGOTIATE)
|
||||||
|
+#if defined(CURLAUTH_NEGOTIATE)
|
||||||
|
curl_easy_setopt(ctx->curl,
|
||||||
|
CURLOPT_HTTPAUTH,
|
||||||
|
- CURLAUTH_GSSNEGOTIATE);
|
||||||
|
+ CURLAUTH_NEGOTIATE);
|
||||||
|
+ curl_easy_setopt(ctx->curl, CURLOPT_USERPWD, ":");
|
||||||
|
#else
|
||||||
|
cm_log(-1,
|
||||||
|
"warning: libcurl doesn't appear to support "
|
||||||
|
@@ -243,6 +245,14 @@ cm_submit_h_run(struct cm_submit_h_context *ctx)
|
||||||
|
header);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ if (ctx->referer != NULL) {
|
||||||
|
+ header = talloc_asprintf(ctx, "Referer: %s",
|
||||||
|
+ ctx->referer);
|
||||||
|
+ if (header != NULL) {
|
||||||
|
+ headers = curl_slist_append(headers,
|
||||||
|
+ header);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
curl_easy_setopt(ctx->curl, CURLOPT_HTTPHEADER, headers);
|
||||||
|
curl_easy_setopt(ctx->curl, CURLOPT_WRITEFUNCTION,
|
||||||
|
append_result);
|
||||||
|
@@ -415,7 +425,7 @@ main(int argc, const char **argv)
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx = cm_submit_h_init(NULL, method, url, poptGetArg(pctx),
|
||||||
|
- ctype, accept,
|
||||||
|
+ ctype, accept, NULL,
|
||||||
|
cainfo, capath, sslcert, sslkey, sslpass,
|
||||||
|
negotiate, negotiate_delegate,
|
||||||
|
clientauth, cm_submit_h_env_modify_on,
|
||||||
|
diff --git a/src/submit-h.h b/src/submit-h.h
|
||||||
|
index 931cc890..b33544af 100644
|
||||||
|
--- a/src/submit-h.h
|
||||||
|
+++ b/src/submit-h.h
|
||||||
|
@@ -45,6 +45,7 @@ struct cm_submit_h_context *cm_submit_h_init(void *parent,
|
||||||
|
const char *args,
|
||||||
|
const char *content_type,
|
||||||
|
const char *accept,
|
||||||
|
+ const char *referer,
|
||||||
|
const char *cainfo,
|
||||||
|
const char *capath,
|
||||||
|
const char *sslcert,
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
838
0008-Switch-IPA-calls-to-use-the-JSON-RPC-endpoint-instea.patch
Normal file
838
0008-Switch-IPA-calls-to-use-the-JSON-RPC-endpoint-instea.patch
Normal file
@ -0,0 +1,838 @@
|
|||||||
|
From fdc2851233f532eb78363784712c597c63e1c4c1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Thu, 20 Aug 2020 16:57:38 -0400
|
||||||
|
Subject: [PATCH 08/11] Switch IPA calls to use the JSON-RPC endpoint instead
|
||||||
|
of XMLRPC
|
||||||
|
|
||||||
|
IPA has provided a JSON-RPC interface for many years now and has
|
||||||
|
long term plans to drop support for XMLRPC.
|
||||||
|
---
|
||||||
|
src/ipa.c | 546 ++++++++++++++++++++++++++++++++++++++--------
|
||||||
|
src/store-files.c | 2 +
|
||||||
|
2 files changed, 463 insertions(+), 85 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/ipa.c b/src/ipa.c
|
||||||
|
index e4295826..8c089e68 100644
|
||||||
|
--- a/src/ipa.c
|
||||||
|
+++ b/src/ipa.c
|
||||||
|
@@ -33,8 +33,7 @@
|
||||||
|
|
||||||
|
#include <talloc.h>
|
||||||
|
|
||||||
|
-#include <xmlrpc-c/client.h>
|
||||||
|
-#include <xmlrpc-c/transport.h>
|
||||||
|
+#include <jansson.h>
|
||||||
|
|
||||||
|
#include <ldap.h>
|
||||||
|
#include <krb5.h>
|
||||||
|
@@ -46,7 +45,7 @@
|
||||||
|
#include "store.h"
|
||||||
|
#include "submit-e.h"
|
||||||
|
#include "submit-u.h"
|
||||||
|
-#include "submit-x.h"
|
||||||
|
+#include "submit-h.h"
|
||||||
|
#include "util.h"
|
||||||
|
|
||||||
|
#ifdef ENABLE_NLS
|
||||||
|
@@ -56,6 +55,229 @@
|
||||||
|
#define _(_text) (_text)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+static char *
|
||||||
|
+get_error_message(krb5_context ctx, krb5_error_code kcode)
|
||||||
|
+{
|
||||||
|
+ const char *ret;
|
||||||
|
+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
|
||||||
|
+ ret = ctx ? krb5_get_error_message(ctx, kcode) : NULL;
|
||||||
|
+ if (ret == NULL) {
|
||||||
|
+ ret = error_message(kcode);
|
||||||
|
+ }
|
||||||
|
+#else
|
||||||
|
+ ret = error_message(kcode);
|
||||||
|
+#endif
|
||||||
|
+ return strdup(ret);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+char *
|
||||||
|
+cm_submit_ccache_realm(char **msg)
|
||||||
|
+{
|
||||||
|
+ krb5_context ctx;
|
||||||
|
+ krb5_ccache ccache;
|
||||||
|
+ krb5_principal princ;
|
||||||
|
+ krb5_error_code kret;
|
||||||
|
+ krb5_data *data;
|
||||||
|
+ char *ret;
|
||||||
|
+
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ kret = krb5_init_context(&ctx);
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr, "Error initializing Kerberos: %s.\n",
|
||||||
|
+ ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ kret = krb5_cc_default(ctx, &ccache);
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr, "Error resolving default ccache: %s.\n",
|
||||||
|
+ ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ kret = krb5_cc_get_principal(ctx, ccache, &princ);
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr, "Error reading default principal: %s.\n",
|
||||||
|
+ ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ data = krb5_princ_realm(ctx, princ);
|
||||||
|
+ if (data == NULL) {
|
||||||
|
+ fprintf(stderr, "Error retrieving principal realm.\n");
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = "Error retrieving principal realm.\n";
|
||||||
|
+ }
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ ret = malloc(data->length + 1);
|
||||||
|
+ if (ret == NULL) {
|
||||||
|
+ fprintf(stderr, "Out of memory for principal realm.\n");
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = "Out of memory for principal realm.\n";
|
||||||
|
+ }
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ memcpy(ret, data->data, data->length);
|
||||||
|
+ ret[data->length] = '\0';
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+krb5_error_code
|
||||||
|
+cm_submit_make_ccache(const char *ktname, const char *principal, char **msg)
|
||||||
|
+{
|
||||||
|
+ krb5_context ctx;
|
||||||
|
+ krb5_keytab keytab;
|
||||||
|
+ krb5_ccache ccache;
|
||||||
|
+ krb5_creds creds;
|
||||||
|
+ krb5_principal princ;
|
||||||
|
+ krb5_error_code kret;
|
||||||
|
+ krb5_get_init_creds_opt gicopts, *gicoptsp;
|
||||||
|
+ char *ret;
|
||||||
|
+
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ kret = krb5_init_context(&ctx);
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ ret = get_error_message(ctx, kret);
|
||||||
|
+ fprintf(stderr, "Error initializing Kerberos: %s.\n", ret);
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return kret;
|
||||||
|
+ }
|
||||||
|
+ if (ktname != NULL) {
|
||||||
|
+ kret = krb5_kt_resolve(ctx, ktname, &keytab);
|
||||||
|
+ } else {
|
||||||
|
+ kret = krb5_kt_default(ctx, &keytab);
|
||||||
|
+ }
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr, "Error resolving keytab: %s.\n",
|
||||||
|
+ ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return kret;
|
||||||
|
+ }
|
||||||
|
+ princ = NULL;
|
||||||
|
+ if (principal != NULL) {
|
||||||
|
+ kret = krb5_parse_name(ctx, principal, &princ);
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr, "Error parsing \"%s\": %s.\n",
|
||||||
|
+ principal, ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return kret;
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ kret = krb5_sname_to_principal(ctx, NULL, NULL,
|
||||||
|
+ KRB5_NT_SRV_HST, &princ);
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr, "Error building client name: %s.\n",
|
||||||
|
+ ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return kret;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ memset(&creds, 0, sizeof(creds));
|
||||||
|
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
|
||||||
|
+ memset(&gicopts, 0, sizeof(gicopts));
|
||||||
|
+ gicoptsp = NULL;
|
||||||
|
+ kret = krb5_get_init_creds_opt_alloc(ctx, &gicoptsp);
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr, "Internal error: %s.\n",
|
||||||
|
+ ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return kret;
|
||||||
|
+ }
|
||||||
|
+#else
|
||||||
|
+ krb5_get_init_creds_opt_init(&gicopts);
|
||||||
|
+ gicoptsp = &gicopts;
|
||||||
|
+#endif
|
||||||
|
+ krb5_get_init_creds_opt_set_forwardable(gicoptsp, 1);
|
||||||
|
+ kret = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab,
|
||||||
|
+ 0, NULL, gicoptsp);
|
||||||
|
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
|
||||||
|
+ krb5_get_init_creds_opt_free(ctx, gicoptsp);
|
||||||
|
+#endif
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr, "Error obtaining initial credentials: %s.\n",
|
||||||
|
+ ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return kret;
|
||||||
|
+ }
|
||||||
|
+ ccache = NULL;
|
||||||
|
+ kret = krb5_cc_resolve(ctx, "MEMORY:" PACKAGE_NAME "_submit",
|
||||||
|
+ &ccache);
|
||||||
|
+ if (kret == 0) {
|
||||||
|
+ kret = krb5_cc_initialize(ctx, ccache, creds.client);
|
||||||
|
+ }
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr, "Error initializing credential cache: %s.\n",
|
||||||
|
+ ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return kret;
|
||||||
|
+ }
|
||||||
|
+ kret = krb5_cc_store_cred(ctx, ccache, &creds);
|
||||||
|
+ if (kret != 0) {
|
||||||
|
+ fprintf(stderr,
|
||||||
|
+ "Error storing creds in credential cache: %s.\n",
|
||||||
|
+ ret = get_error_message(ctx, kret));
|
||||||
|
+ if (msg != NULL) {
|
||||||
|
+ *msg = ret;
|
||||||
|
+ } else {
|
||||||
|
+ free(ret);
|
||||||
|
+ }
|
||||||
|
+ return kret;
|
||||||
|
+ }
|
||||||
|
+ krb5_cc_close(ctx, ccache);
|
||||||
|
+ krb5_kt_close(ctx, keytab);
|
||||||
|
+ krb5_free_principal(ctx, princ);
|
||||||
|
+ krb5_free_context(ctx);
|
||||||
|
+ putenv("KRB5CCNAME=MEMORY:" PACKAGE_NAME "_submit");
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int
|
||||||
|
interact(LDAP *ld, unsigned flags, void *defaults, void *sasl_interact)
|
||||||
|
{
|
||||||
|
@@ -200,7 +422,7 @@ cm_find_default_naming_context(LDAP *ld, char **basedn)
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
-cm_locate_xmlrpc_service(const char *server,
|
||||||
|
+cm_locate_jsonrpc_service(const char *server,
|
||||||
|
int ldap_uri_cmd, const char *ldap_uri,
|
||||||
|
const char *host,
|
||||||
|
const char *domain,
|
||||||
|
@@ -213,10 +435,13 @@ cm_locate_xmlrpc_service(const char *server,
|
||||||
|
LDAPDN rdn;
|
||||||
|
struct berval *lbv;
|
||||||
|
char *lattrs[2] = {"cn", NULL};
|
||||||
|
- const char *relativedn = "cn=masters,cn=ipa,cn=etc", *dn;
|
||||||
|
+ const char *relativedn = "cn=masters,cn=ipa,cn=etc";
|
||||||
|
+ char *dn;
|
||||||
|
char ldn[LINE_MAX], lfilter[LINE_MAX], uri[LINE_MAX] = "", **list;
|
||||||
|
int i, j, rc, n;
|
||||||
|
unsigned int flags;
|
||||||
|
+ int rval = 0;
|
||||||
|
+ int alloc_basedn = 0;
|
||||||
|
|
||||||
|
*uris = NULL;
|
||||||
|
|
||||||
|
@@ -231,14 +456,16 @@ cm_locate_xmlrpc_service(const char *server,
|
||||||
|
if (basedn == NULL) {
|
||||||
|
i = cm_find_default_naming_context(ld, &basedn);
|
||||||
|
if (i != 0) {
|
||||||
|
- free(basedn);
|
||||||
|
- return i;
|
||||||
|
+ rval = i;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
+ alloc_basedn = 1;
|
||||||
|
}
|
||||||
|
if (basedn == NULL) {
|
||||||
|
printf(_("Unable to determine base DN of "
|
||||||
|
"domain information on IPA server.\n"));
|
||||||
|
- return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
/* Now look up the names of the master CAs. */
|
||||||
|
snprintf(lfilter, sizeof(lfilter),
|
||||||
|
@@ -248,26 +475,31 @@ cm_locate_xmlrpc_service(const char *server,
|
||||||
|
"(ipaConfigString=enabledService)"
|
||||||
|
")", service);
|
||||||
|
snprintf(ldn, sizeof(ldn), "%s,%s", relativedn, basedn);
|
||||||
|
- free(basedn);
|
||||||
|
+ if (alloc_basedn) {
|
||||||
|
+ free(basedn);
|
||||||
|
+ }
|
||||||
|
rc = ldap_search_ext_s(ld, ldn, LDAP_SCOPE_SUBTREE,
|
||||||
|
lfilter, lattrs, 0, NULL, NULL, NULL,
|
||||||
|
LDAP_NO_LIMIT, &lresult);
|
||||||
|
if (rc != LDAP_SUCCESS) {
|
||||||
|
fprintf(stderr, "Error searching '%s': %s.\n",
|
||||||
|
ldn, ldap_err2string(rc));
|
||||||
|
- return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
/* Read their parents' for "cn" values. */
|
||||||
|
n = ldap_count_entries(ld, lresult);
|
||||||
|
if (n == 0) {
|
||||||
|
fprintf(stderr, "No CA masters found.\n");
|
||||||
|
ldap_msgfree(lresult);
|
||||||
|
- return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
list = talloc_array_ptrtype(NULL, list, n + 2);
|
||||||
|
if (list == NULL) {
|
||||||
|
fprintf(stderr, "Out of memory.\n");
|
||||||
|
- return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
i = 0;
|
||||||
|
for (lmsg = ldap_first_entry(ld, lresult);
|
||||||
|
@@ -314,7 +546,7 @@ cm_locate_xmlrpc_service(const char *server,
|
||||||
|
switch (flags & 0x0f) {
|
||||||
|
case LDAP_AVA_STRING:
|
||||||
|
list[i] = talloc_asprintf(list,
|
||||||
|
- "https://%.*s/ipa/xml",
|
||||||
|
+ "https://%.*s/ipa/json",
|
||||||
|
(int) lbv->bv_len,
|
||||||
|
lbv->bv_val);
|
||||||
|
if (list[i] != NULL) {
|
||||||
|
@@ -328,15 +560,67 @@ cm_locate_xmlrpc_service(const char *server,
|
||||||
|
ldap_dnfree(rdn);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ ldap_memfree(dn);
|
||||||
|
}
|
||||||
|
ldap_msgfree(lresult);
|
||||||
|
if (i == 0) {
|
||||||
|
free(list);
|
||||||
|
- return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
list[i] = NULL;
|
||||||
|
*uris = list;
|
||||||
|
- return CM_SUBMIT_STATUS_ISSUED;
|
||||||
|
+ rval = CM_SUBMIT_STATUS_ISSUED;
|
||||||
|
+
|
||||||
|
+done:
|
||||||
|
+ if (ld) {
|
||||||
|
+ ldap_unbind_ext(ld, NULL, NULL);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rval;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Parse the JSON response from the IPA server.
|
||||||
|
+ *
|
||||||
|
+ * It will return one of three types of values:
|
||||||
|
+ *
|
||||||
|
+ * < 0 is failure to parse JSON output
|
||||||
|
+ * 0 is success, no errors were found
|
||||||
|
+ * > 0 is the IPA API error code
|
||||||
|
+ */
|
||||||
|
+static int
|
||||||
|
+parse_json_result(const char *result, char **error_message) {
|
||||||
|
+ json_error_t j_error;
|
||||||
|
+
|
||||||
|
+ json_t *j_root = NULL;
|
||||||
|
+ json_t *j_error_obj = NULL;
|
||||||
|
+
|
||||||
|
+ int error_code = 0;
|
||||||
|
+
|
||||||
|
+ j_root = json_loads(result, 0, &j_error);
|
||||||
|
+ if (!j_root) {
|
||||||
|
+ cm_log(0, "Parsing JSON-RPC response failed: %s\n", j_error.text);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ j_error_obj = json_object_get(j_root, "error");
|
||||||
|
+ if (!j_error_obj || json_is_null(j_error_obj)) {
|
||||||
|
+ json_decref(j_root);
|
||||||
|
+ return 0; // no errors
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (json_unpack_ex(j_error_obj, &j_error, 0, "{s:i, s:s}",
|
||||||
|
+ "code", &error_code,
|
||||||
|
+ "message", error_message) != 0) {
|
||||||
|
+ cm_log(0, "Failed extracting error from JSON-RPC response: %s\n", j_error.text);
|
||||||
|
+ json_decref(j_root);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ cm_log(0, "JSON-RPC error: %d: %s\n", error_code, *error_message);
|
||||||
|
+ json_decref(j_root);
|
||||||
|
+ return error_code;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Make an XML-RPC request to the "cert_request" method. */
|
||||||
|
@@ -344,63 +628,98 @@ static int
|
||||||
|
submit_or_poll_uri(const char *uri, const char *cainfo, const char *capath,
|
||||||
|
const char *uid, const char *pwd, const char *csr,
|
||||||
|
const char *reqprinc, const char *profile,
|
||||||
|
- const char *issuer)
|
||||||
|
+ const char *issuer, int verbose)
|
||||||
|
{
|
||||||
|
- struct cm_submit_x_context *ctx;
|
||||||
|
- const char *args[2];
|
||||||
|
+ void *ctx;
|
||||||
|
+ struct cm_submit_h_context *hctx;
|
||||||
|
char *s, *p;
|
||||||
|
int i;
|
||||||
|
+ json_t *json_req = NULL;
|
||||||
|
+ json_error_t j_error;
|
||||||
|
+ const char *results = NULL;
|
||||||
|
+ char *json_str = NULL;
|
||||||
|
+ char *error_message = NULL;
|
||||||
|
+ char *referer = NULL;
|
||||||
|
+ int rval = 0;
|
||||||
|
+ json_t *j_root = NULL;
|
||||||
|
+ json_t *j_result_outer = NULL;
|
||||||
|
+ json_t *j_result = NULL;
|
||||||
|
+ json_t *j_cert = NULL;
|
||||||
|
+ const char *certificate = NULL;
|
||||||
|
|
||||||
|
if ((uri == NULL) || (strlen(uri) == 0)) {
|
||||||
|
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Prepare to make an XML-RPC request. */
|
||||||
|
+ ctx = talloc_new(NULL);
|
||||||
|
+
|
||||||
|
+ referer = talloc_asprintf(ctx, "%s", uri);
|
||||||
|
+
|
||||||
|
+ /* Prepare to make a JSON-RPC request. */
|
||||||
|
submit:
|
||||||
|
- if ((uid != NULL) && (pwd != NULL) &&
|
||||||
|
- (strlen(uid) > 0) && (strlen(pwd) > 0)) {
|
||||||
|
- ctx = cm_submit_x_init(NULL, uri, "cert_request",
|
||||||
|
- cainfo, capath, uid, pwd,
|
||||||
|
- cm_submit_x_negotiate_off,
|
||||||
|
- cm_submit_x_delegate_off);;
|
||||||
|
- } else {
|
||||||
|
- ctx = cm_submit_x_init(NULL, uri, "cert_request",
|
||||||
|
- cainfo, capath, NULL, NULL,
|
||||||
|
- cm_submit_x_negotiate_on,
|
||||||
|
- cm_submit_x_delegate_on);
|
||||||
|
+ json_req = json_pack_ex(&j_error, 0,
|
||||||
|
+ "{s:s, s:[[s], {s:s, s:s*, s:s*, s:b}]}",
|
||||||
|
+ "method", "cert_request",
|
||||||
|
+ "params",
|
||||||
|
+ csr,
|
||||||
|
+ "principal", reqprinc,
|
||||||
|
+ "profile_id", profile,
|
||||||
|
+ "cacn", issuer,
|
||||||
|
+ "add", 1);
|
||||||
|
+ if (!json_req) {
|
||||||
|
+ cm_log(0, "json_pack_ex() failed: %s\n", j_error.text);
|
||||||
|
+ return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
}
|
||||||
|
- if (ctx == NULL) {
|
||||||
|
- fprintf(stderr, "Error setting up for XMLRPC to %s on "
|
||||||
|
- "the client.\n", uri);
|
||||||
|
- printf(_("Error setting up for XMLRPC on the client.\n"));
|
||||||
|
+ json_str = json_dumps(json_req, 0);
|
||||||
|
+ json_decref(json_req);
|
||||||
|
+ if (!json_str) {
|
||||||
|
+ cm_log(0, "json_dumps() failed\n");
|
||||||
|
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Add the CSR contents as the sole unnamed argument. */
|
||||||
|
- args[0] = csr;
|
||||||
|
- args[1] = NULL;
|
||||||
|
- cm_submit_x_add_arg_as(ctx, args);
|
||||||
|
- /* Add the principal name named argument. */
|
||||||
|
- cm_submit_x_add_named_arg_s(ctx, "principal", reqprinc);
|
||||||
|
- /* Add the requested profile name named argument. */
|
||||||
|
- if (profile != NULL) {
|
||||||
|
- cm_submit_x_add_named_arg_s(ctx, "profile_id", profile);
|
||||||
|
- }
|
||||||
|
- /* Add the requested CA issuer named argument. */
|
||||||
|
- if (issuer != NULL) {
|
||||||
|
- cm_submit_x_add_named_arg_s(ctx, "cacn", issuer);
|
||||||
|
+ hctx = cm_submit_h_init(ctx, "POST", uri, json_str,
|
||||||
|
+ "application/json", "application/json",
|
||||||
|
+ referer, cainfo, capath,
|
||||||
|
+ NULL, NULL, NULL,
|
||||||
|
+ cm_submit_h_negotiate_on,
|
||||||
|
+ cm_submit_h_delegate_off,
|
||||||
|
+ cm_submit_h_clientauth_off,
|
||||||
|
+ cm_submit_h_env_modify_off,
|
||||||
|
+ verbose > 1 ?
|
||||||
|
+ cm_submit_h_curl_verbose_on :
|
||||||
|
+ cm_submit_h_curl_verbose_off);
|
||||||
|
+ free(json_str);
|
||||||
|
+
|
||||||
|
+ if (hctx == NULL) {
|
||||||
|
+ fprintf(stderr, "Error setting up JSON-RPC to %s on "
|
||||||
|
+ "the client.\n", uri);
|
||||||
|
+ printf(_("Error setting up for JSON-RPC on the client.\n"));
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ goto cleanup;
|
||||||
|
}
|
||||||
|
- /* Tell the server to add entries for a principal if one
|
||||||
|
- * doesn't exist yet. */
|
||||||
|
- cm_submit_x_add_named_arg_b(ctx, "add", 1);
|
||||||
|
|
||||||
|
/* Submit the request. */
|
||||||
|
fprintf(stderr, "Submitting request to \"%s\".\n", uri);
|
||||||
|
- cm_submit_x_run(ctx);
|
||||||
|
+ cm_submit_h_run(hctx);
|
||||||
|
|
||||||
|
/* Check the results. */
|
||||||
|
- if (cm_submit_x_faulted(ctx) == 0) {
|
||||||
|
- i = cm_submit_x_fault_code(ctx);
|
||||||
|
+
|
||||||
|
+ results = cm_submit_h_results(hctx, NULL);
|
||||||
|
+ cm_log(1, "%s\n", results);
|
||||||
|
+ if (cm_submit_h_response_code(hctx) != 200) {
|
||||||
|
+ cm_log(0, "JSON-RPC call failed with HTTP status code: %d\n",
|
||||||
|
+ cm_submit_h_response_code(hctx));
|
||||||
|
+ cm_log(0, "code = %d, code_text = \"%s\"\n",
|
||||||
|
+ cm_submit_h_result_code(hctx), cm_submit_h_result_code_text(hctx));
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ i = parse_json_result(results, &error_message);
|
||||||
|
+ if (i < 0) {
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ if (i > 0) {
|
||||||
|
/* Interpret the error. See errors.py to get the
|
||||||
|
* classifications. */
|
||||||
|
switch (i / 1000) {
|
||||||
|
@@ -424,8 +743,9 @@ submit:
|
||||||
|
}
|
||||||
|
printf("Server at %s denied our request, "
|
||||||
|
"giving up: %d (%s).\n", uri, i,
|
||||||
|
- cm_submit_x_fault_text(ctx));
|
||||||
|
- return CM_SUBMIT_STATUS_REJECTED;
|
||||||
|
+ error_message);
|
||||||
|
+ rval = CM_SUBMIT_STATUS_REJECTED;
|
||||||
|
+ goto cleanup;
|
||||||
|
break;
|
||||||
|
case 1: /* authentication error - transient? */
|
||||||
|
case 4: /* execution error - transient? */
|
||||||
|
@@ -433,22 +753,51 @@ submit:
|
||||||
|
default:
|
||||||
|
printf("Server at %s failed request, "
|
||||||
|
"will retry: %d (%s).\n", uri, i,
|
||||||
|
- cm_submit_x_fault_text(ctx));
|
||||||
|
- return CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ error_message);
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ goto cleanup;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- } else
|
||||||
|
- if (cm_submit_x_has_results(ctx) == 0) {
|
||||||
|
- if (cm_submit_x_get_named_s(ctx, "certificate",
|
||||||
|
- &s) == 0) {
|
||||||
|
+ } else {
|
||||||
|
+ j_root = json_loads(results, 0, &j_error);
|
||||||
|
+ if (!j_root) {
|
||||||
|
+ cm_log(0, "Parsing JSON-RPC response failed: %s\n", j_error.text);
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ j_result_outer = json_object_get(j_root, "result");
|
||||||
|
+ if (!j_result_outer) {
|
||||||
|
+ cm_log(0, "Parsing JSON-RPC response failed, no outer result\n");
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ j_result = json_object_get(j_result_outer, "result");
|
||||||
|
+ if (!j_result) {
|
||||||
|
+ cm_log(0, "Parsing JSON-RPC response failed, no inner result\n");
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ j_cert = json_object_get(j_result, "certificate");
|
||||||
|
+ if (!j_cert) {
|
||||||
|
+ cm_log(0, "Parsing JSON-RPC response failed, no certificate\n");
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ certificate = json_string_value(j_cert);
|
||||||
|
+
|
||||||
|
+ if (certificate) {
|
||||||
|
/* If we got a certificate, we're probably
|
||||||
|
* okay. */
|
||||||
|
- fprintf(stderr, "Certificate: \"%s\"\n", s);
|
||||||
|
- s = cm_submit_u_base64_from_text(s);
|
||||||
|
+ fprintf(stderr, "Certificate: \"%s\"\n", certificate);
|
||||||
|
+ s = cm_submit_u_base64_from_text(certificate);
|
||||||
|
if (s == NULL) {
|
||||||
|
printf("Out of memory parsing server "
|
||||||
|
"response, will retry.\n");
|
||||||
|
- return CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ rval = CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
+ goto cleanup;
|
||||||
|
}
|
||||||
|
p = cm_submit_u_pem_from_base64("CERTIFICATE",
|
||||||
|
FALSE, s);
|
||||||
|
@@ -457,15 +806,19 @@ submit:
|
||||||
|
}
|
||||||
|
free(s);
|
||||||
|
free(p);
|
||||||
|
- return CM_SUBMIT_STATUS_ISSUED;
|
||||||
|
+ rval = CM_SUBMIT_STATUS_ISSUED;
|
||||||
|
+ goto cleanup;
|
||||||
|
} else {
|
||||||
|
- return CM_SUBMIT_STATUS_REJECTED;
|
||||||
|
+ rval = CM_SUBMIT_STATUS_REJECTED;
|
||||||
|
}
|
||||||
|
- } else {
|
||||||
|
- /* No useful response, no fault. Try again, from
|
||||||
|
- * scratch, later. */
|
||||||
|
- return CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+cleanup:
|
||||||
|
+ json_decref(j_root);
|
||||||
|
+ cm_submit_h_cleanup(hctx);
|
||||||
|
+ talloc_free(ctx);
|
||||||
|
+
|
||||||
|
+ return rval;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
@@ -473,16 +826,17 @@ submit_or_poll(const char *uri, const char *cainfo, const char *capath,
|
||||||
|
const char *server, int ldap_uri_cmd, const char *ldap_uri,
|
||||||
|
const char *host, const char *domain, char *basedn,
|
||||||
|
const char *uid, const char *pwd, const char *csr,
|
||||||
|
- const char *reqprinc, const char *profile, const char *issuer)
|
||||||
|
+ const char *reqprinc, const char *profile, const char *issuer,
|
||||||
|
+ int verbose)
|
||||||
|
{
|
||||||
|
int i, u;
|
||||||
|
char **uris;
|
||||||
|
|
||||||
|
i = submit_or_poll_uri(uri, cainfo, capath, uid, pwd, csr, reqprinc,
|
||||||
|
- profile, issuer);
|
||||||
|
+ profile, issuer, verbose);
|
||||||
|
if ((i == CM_SUBMIT_STATUS_UNREACHABLE) ||
|
||||||
|
(i == CM_SUBMIT_STATUS_UNCONFIGURED)) {
|
||||||
|
- u = cm_locate_xmlrpc_service(server, ldap_uri_cmd, ldap_uri,
|
||||||
|
+ u = cm_locate_jsonrpc_service(server, ldap_uri_cmd, ldap_uri,
|
||||||
|
host, domain, basedn, "CA", &uris);
|
||||||
|
if ((u == 0) && (uris != NULL)) {
|
||||||
|
for (u = 0; uris[u] != NULL; u++) {
|
||||||
|
@@ -491,7 +845,7 @@ submit_or_poll(const char *uri, const char *cainfo, const char *capath,
|
||||||
|
}
|
||||||
|
i = submit_or_poll_uri(uris[u], cainfo, capath,
|
||||||
|
uid, pwd, csr, reqprinc,
|
||||||
|
- profile, issuer);
|
||||||
|
+ profile, issuer, verbose);
|
||||||
|
if ((i != CM_SUBMIT_STATUS_UNREACHABLE) &&
|
||||||
|
(i != CM_SUBMIT_STATUS_UNCONFIGURED)) {
|
||||||
|
talloc_free(uris);
|
||||||
|
@@ -562,7 +916,7 @@ fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
|
||||||
|
return CM_SUBMIT_STATUS_ISSUED;
|
||||||
|
}
|
||||||
|
/* Read our realm name from our ccache. */
|
||||||
|
- realm = cm_submit_x_ccache_realm(&kerr);
|
||||||
|
+ realm = cm_submit_ccache_realm(&kerr);
|
||||||
|
/* Read all of the certificates. */
|
||||||
|
for (lmsg = ldap_first_entry(ld, lresult);
|
||||||
|
lmsg != NULL;
|
||||||
|
@@ -588,6 +942,9 @@ fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
|
||||||
|
ldap_msgfree(lresult);
|
||||||
|
free(realm);
|
||||||
|
free(kerr);
|
||||||
|
+ if (ld) {
|
||||||
|
+ ldap_unbind_ext(ld, NULL, NULL);
|
||||||
|
+ }
|
||||||
|
return CM_SUBMIT_STATUS_ISSUED;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -600,7 +957,8 @@ main(int argc, const char **argv)
|
||||||
|
char *csr, *p, uri[LINE_MAX], *reqprinc = NULL, *ipaconfig, *kerr;
|
||||||
|
char *uid = NULL, *pwd = NULL, *pwdfile = NULL;
|
||||||
|
const char *xmlrpc_uri = NULL, *ldap_uri = NULL, *server = NULL, *csrfile;
|
||||||
|
- int xmlrpc_uri_cmd = 0, ldap_uri_cmd = 0, verbose = 0;
|
||||||
|
+ const char *jsonrpc_uri = NULL;
|
||||||
|
+ int jsonrpc_uri_cmd = 0, ldap_uri_cmd = 0, verbose = 0;
|
||||||
|
const char *mode = CM_OP_SUBMIT;
|
||||||
|
char ldn[LINE_MAX], *basedn = NULL, *profile = NULL, *issuer = NULL;
|
||||||
|
krb5_error_code kret;
|
||||||
|
@@ -609,6 +967,7 @@ main(int argc, const char **argv)
|
||||||
|
{"host", 'h', POPT_ARG_STRING, &host, 0, "IPA server hostname", "HOSTNAME"},
|
||||||
|
{"domain", 'd', POPT_ARG_STRING, &domain, 0, "IPA domain name", "NAME"},
|
||||||
|
{"xmlrpc-url", 'H', POPT_ARG_STRING, NULL, 'H', "IPA XMLRPC service location", "URL"},
|
||||||
|
+ {"jsonrpc-url", 'J', POPT_ARG_STRING, NULL, 'J', "IPA JSON-RPC service location", "URL"},
|
||||||
|
{"ldap-url", 'L', POPT_ARG_STRING, NULL, 'L', "IPA LDAP service location", "URL"},
|
||||||
|
{"capath", 'C', POPT_ARG_STRING, &capath, 0, NULL, "DIRECTORY"},
|
||||||
|
{"cafile", 'c', POPT_ARG_STRING, &cainfo, 0, NULL, "FILENAME"},
|
||||||
|
@@ -659,9 +1018,10 @@ main(int argc, const char **argv)
|
||||||
|
poptSetOtherOptionHelp(pctx, "[options] [csrfile]");
|
||||||
|
while ((c = poptGetNextOpt(pctx)) > 0) {
|
||||||
|
switch (c) {
|
||||||
|
- case 'H':
|
||||||
|
- xmlrpc_uri = poptGetOptArg(pctx);
|
||||||
|
- xmlrpc_uri_cmd++;
|
||||||
|
+ case 'H': /* XMLRPC URI kept for backwards compatibility */
|
||||||
|
+ case 'J':
|
||||||
|
+ jsonrpc_uri = poptGetOptArg(pctx);
|
||||||
|
+ jsonrpc_uri_cmd++;
|
||||||
|
break;
|
||||||
|
case 'L':
|
||||||
|
ldap_uri = poptGetOptArg(pctx);
|
||||||
|
@@ -724,6 +1084,11 @@ main(int argc, const char **argv)
|
||||||
|
"global",
|
||||||
|
"xmlrpc_uri");
|
||||||
|
}
|
||||||
|
+ if (jsonrpc_uri == NULL) {
|
||||||
|
+ jsonrpc_uri = get_config_entry(ipaconfig,
|
||||||
|
+ "global",
|
||||||
|
+ "jsonrpc_uri");
|
||||||
|
+ }
|
||||||
|
if (ldap_uri == NULL) {
|
||||||
|
/* Preferred, but likely to only be set on a
|
||||||
|
* server. */
|
||||||
|
@@ -756,6 +1121,7 @@ main(int argc, const char **argv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ free(ipaconfig);
|
||||||
|
csr = NULL;
|
||||||
|
memset(uri, '\0', sizeof(uri));
|
||||||
|
memset(ldn, '\0', sizeof(ldn));
|
||||||
|
@@ -787,16 +1153,25 @@ main(int argc, const char **argv)
|
||||||
|
(getenv(CM_SUBMIT_ISSUER_ENV) != NULL)) {
|
||||||
|
issuer = strdup(getenv(CM_SUBMIT_ISSUER_ENV));
|
||||||
|
}
|
||||||
|
- if ((server != NULL) && !xmlrpc_uri_cmd) {
|
||||||
|
+ if ((server != NULL) && !jsonrpc_uri_cmd) {
|
||||||
|
snprintf(uri, sizeof(uri),
|
||||||
|
- "https://%s/ipa/xml", server);
|
||||||
|
+ "https://%s/ipa/json", server);
|
||||||
|
+ } else
|
||||||
|
+ if (jsonrpc_uri != NULL) {
|
||||||
|
+ snprintf(uri, sizeof(uri), "%s", jsonrpc_uri);
|
||||||
|
} else
|
||||||
|
if (xmlrpc_uri != NULL) {
|
||||||
|
- snprintf(uri, sizeof(uri), "%s", xmlrpc_uri);
|
||||||
|
+ /* strip off the trailing xml and replace with json */
|
||||||
|
+ if ((strlen(xmlrpc_uri) + 1) > sizeof(uri)) {
|
||||||
|
+ printf(_("xmlrpc_uri is longer than %ld.\n"), sizeof(uri) - 2);
|
||||||
|
+ return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||||
|
+ }
|
||||||
|
+ snprintf(uri, strlen(xmlrpc_uri) - 2, "%s", xmlrpc_uri);
|
||||||
|
+ strcat(uri, "json");
|
||||||
|
} else
|
||||||
|
if (host != NULL) {
|
||||||
|
snprintf(uri, sizeof(uri),
|
||||||
|
- "https://%s/ipa/xml", host);
|
||||||
|
+ "https://%s/ipa/json", host);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Read the CSR from the environment, or from the file named on
|
||||||
|
@@ -891,7 +1266,7 @@ main(int argc, const char **argv)
|
||||||
|
/* Setup a ccache unless we're told to use the default one. */
|
||||||
|
kerr = NULL;
|
||||||
|
if (make_keytab_ccache &&
|
||||||
|
- ((kret = cm_submit_x_make_ccache(ktname, kpname, &kerr)) != 0)) {
|
||||||
|
+ ((kret = cm_submit_make_ccache(ktname, kpname, &kerr)) != 0)) {
|
||||||
|
fprintf(stderr, "Error setting up ccache at the client: %s.\n",
|
||||||
|
kerr);
|
||||||
|
if (ktname == NULL) {
|
||||||
|
@@ -939,11 +1314,12 @@ main(int argc, const char **argv)
|
||||||
|
ret = submit_or_poll(uri, cainfo, capath, server,
|
||||||
|
ldap_uri_cmd, ldap_uri, host, domain,
|
||||||
|
basedn, uid, pwd, csr, reqprinc, profile,
|
||||||
|
- issuer);
|
||||||
|
+ issuer, verbose);
|
||||||
|
free(csr);
|
||||||
|
free(profile);
|
||||||
|
free(issuer);
|
||||||
|
free(reqprinc);
|
||||||
|
+ free(basedn);
|
||||||
|
return ret;
|
||||||
|
} else
|
||||||
|
if (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0) {
|
||||||
|
diff --git a/src/store-files.c b/src/store-files.c
|
||||||
|
index 4c3b2232..85ac692e 100644
|
||||||
|
--- a/src/store-files.c
|
||||||
|
+++ b/src/store-files.c
|
||||||
|
@@ -2650,6 +2650,7 @@ cm_store_get_all_cas(void *parent)
|
||||||
|
j++;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
+#ifdef WITH_XMLRPC
|
||||||
|
#ifdef WITH_CERTMASTER
|
||||||
|
/* Make sure we get at least one certmaster entry. */
|
||||||
|
for (k = 0; k < j; k++) {
|
||||||
|
@@ -2670,6 +2671,7 @@ cm_store_get_all_cas(void *parent)
|
||||||
|
j++;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
+#endif
|
||||||
|
#ifdef WITH_IPA
|
||||||
|
/* Make sure we get at least 1 dogtag-ipa-renew-agent entry. */
|
||||||
|
for (k = 0; k < j; k++) {
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
201
0009-Remove-the-certmaster-CA-from-the-028-dbus-test.patch
Normal file
201
0009-Remove-the-certmaster-CA-from-the-028-dbus-test.patch
Normal file
@ -0,0 +1,201 @@
|
|||||||
|
From dd8dcb899e0a159d1141b713993805565ffb6d28 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Wed, 16 Sep 2020 11:28:08 -0400
|
||||||
|
Subject: [PATCH 09/11] Remove the certmaster CA from the 028-dbus test
|
||||||
|
|
||||||
|
The certmaster CA is disabled by default so no longer look for it
|
||||||
|
in the dbus test.
|
||||||
|
|
||||||
|
This test will fail if certmaster is enabled. There is currently no
|
||||||
|
mechanism to dynamically enable/disable features of the tests. It
|
||||||
|
can be added if it comes up but its unclear if anyoen took advantage
|
||||||
|
of the certmaster support in the first place.
|
||||||
|
---
|
||||||
|
tests/028-dbus/expected.out | 130 ++----------------------------------
|
||||||
|
1 file changed, 6 insertions(+), 124 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
|
||||||
|
index 4d6a9a59..ca7de34f 100644
|
||||||
|
--- a/tests/028-dbus/expected.out
|
||||||
|
+++ b/tests/028-dbus/expected.out
|
||||||
|
@@ -34,10 +34,6 @@ CA 'IPA':
|
||||||
|
is-default: no
|
||||||
|
ca-type: EXTERNAL
|
||||||
|
helper-location: $libexecdir/ipa-submit
|
||||||
|
-CA 'certmaster':
|
||||||
|
- is-default: no
|
||||||
|
- ca-type: EXTERNAL
|
||||||
|
- helper-location: $libexecdir/certmaster-submit
|
||||||
|
CA 'dogtag-ipa-renew-agent':
|
||||||
|
is-default: no
|
||||||
|
ca-type: EXTERNAL
|
||||||
|
@@ -45,8 +41,8 @@ CA 'dogtag-ipa-renew-agent':
|
||||||
|
|
||||||
|
[[ API ]]
|
||||||
|
[ simpleprop.py ]
|
||||||
|
-/org/fedorahosted/certmonger/cas/CA6
|
||||||
|
-/org/fedorahosted/certmonger/cas/CA6
|
||||||
|
+/org/fedorahosted/certmonger/cas/CA5
|
||||||
|
+/org/fedorahosted/certmonger/cas/CA5
|
||||||
|
: -> : -k admin@localhost -> :
|
||||||
|
0 -> 1 -> 0
|
||||||
|
[ walk.py ]
|
||||||
|
@@ -182,7 +178,7 @@ OK
|
||||||
|
OK
|
||||||
|
|
||||||
|
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_known_cas ]
|
||||||
|
-dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA5')], signature=dbus.Signature('o'))
|
||||||
|
+dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4')], signature=dbus.Signature('o'))
|
||||||
|
|
||||||
|
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_requests ]
|
||||||
|
dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
|
||||||
|
@@ -508,7 +504,6 @@ After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.Stri
|
||||||
|
<node name="CA2"/>
|
||||||
|
<node name="CA3"/>
|
||||||
|
<node name="CA4"/>
|
||||||
|
- <node name="CA5"/>
|
||||||
|
</node>
|
||||||
|
|
||||||
|
[ /org/fedorahosted/certmonger/cas/CA1: org.freedesktop.DBus.Introspectable.Introspect ]
|
||||||
|
@@ -942,10 +937,10 @@ dbus.Array([], signature=dbus.Signature('s'))
|
||||||
|
</node>
|
||||||
|
|
||||||
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
||||||
|
-$tmpdir/cas/20180327134236-2
|
||||||
|
+$tmpdir/cas/20180327134236-3
|
||||||
|
|
||||||
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ]
|
||||||
|
-certmaster
|
||||||
|
+dogtag-ipa-renew-agent
|
||||||
|
|
||||||
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ]
|
||||||
|
0
|
||||||
|
@@ -957,7 +952,7 @@ EXTERNAL
|
||||||
|
None
|
||||||
|
|
||||||
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_location ]
|
||||||
|
-$libexecdir/certmaster-submit
|
||||||
|
+$libexecdir/dogtag-ipa-renew-agent-submit
|
||||||
|
|
||||||
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_issuer_names ]
|
||||||
|
dbus.Array([], signature=dbus.Signature('s'))
|
||||||
|
@@ -965,116 +960,3 @@ dbus.Array([], signature=dbus.Signature('s'))
|
||||||
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ]
|
||||||
|
1
|
||||||
|
|
||||||
|
-[ /org/fedorahosted/certmonger/cas/CA5: org.freedesktop.DBus.Introspectable.Introspect ]
|
||||||
|
-<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
|
||||||
|
-"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
|
||||||
|
-
|
||||||
|
-<node name="/org/fedorahosted/certmonger/cas/CA5">
|
||||||
|
- <interface name="org.freedesktop.DBus.Introspectable">
|
||||||
|
- <method name="Introspect">
|
||||||
|
- <arg name="xml_data" type="s" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- </interface>
|
||||||
|
- <interface name="org.freedesktop.DBus.Properties">
|
||||||
|
- <method name="Get">
|
||||||
|
- <arg name="interface_name" type="s" direction="in"/>
|
||||||
|
- <arg name="property_name" type="s" direction="in"/>
|
||||||
|
- <arg name="value" type="v" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <method name="Set">
|
||||||
|
- <arg name="interface_name" type="s" direction="in"/>
|
||||||
|
- <arg name="property_name" type="s" direction="in"/>
|
||||||
|
- <arg name="value" type="v" direction="in"/>
|
||||||
|
- </method>
|
||||||
|
- <method name="GetAll">
|
||||||
|
- <arg name="interface_name" type="s" direction="in"/>
|
||||||
|
- <arg name="props" type="a{sv}" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <signal name="PropertiesChanged">
|
||||||
|
- <arg name="interface_name" type="s"/>
|
||||||
|
- <arg name="changed_properties" type="a{sv}"/>
|
||||||
|
- <arg name="invalidated_properties" type="as"/>
|
||||||
|
- </signal>
|
||||||
|
- </interface>
|
||||||
|
- <interface name="org.fedorahosted.certmonger.ca">
|
||||||
|
- <method name="get_config_file_path">
|
||||||
|
- <arg name="path" type="s" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <method name="get_nickname">
|
||||||
|
- <arg name="nickname" type="s" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <property name="nickname" type="s" access="read"/>
|
||||||
|
- <property name="aka" type="s" access="read"/>
|
||||||
|
- <method name="get_is_default">
|
||||||
|
- <arg name="default" type="b" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <property name="is-default" type="b" access="readwrite"/>
|
||||||
|
- <method name="get_type">
|
||||||
|
- <arg name="type" type="s" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <method name="get_serial">
|
||||||
|
- <arg name="serial_hex" type="s" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <method name="get_location">
|
||||||
|
- <arg name="path" type="s" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <property name="external-helper" type="s" access="readwrite"/>
|
||||||
|
- <method name="get_issuer_names">
|
||||||
|
- <arg name="names" type="as" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <method name="refresh">
|
||||||
|
- <arg name="working" type="b" direction="out"/>
|
||||||
|
- </method>
|
||||||
|
- <property name="ca-error" type="s" access="read"/>
|
||||||
|
- <property name="issuer-names" type="as" access="read"/>
|
||||||
|
- <property name="root-certs" type="a(ss)" access="read"/>
|
||||||
|
- <property name="root-other-certs" type="a(ss)" access="read"/>
|
||||||
|
- <property name="other-certs" type="a(ss)" access="read"/>
|
||||||
|
- <property name="required-enroll-attributes" type="as" access="read"/>
|
||||||
|
- <property name="required-renew-attributes" type="as" access="read"/>
|
||||||
|
- <property name="supported-profiles" type="as" access="read"/>
|
||||||
|
- <property name="default-profile" type="s" access="read"/>
|
||||||
|
- <property name="root-cert-files" type="as" access="readwrite"/>
|
||||||
|
- <property name="root-other-cert-files" type="as" access="readwrite"/>
|
||||||
|
- <property name="other-cert-files" type="as" access="readwrite"/>
|
||||||
|
- <property name="root-cert-nssdbs" type="as" access="readwrite"/>
|
||||||
|
- <property name="root-other-cert-nssdbs" type="as" access="readwrite"/>
|
||||||
|
- <property name="other-cert-nssdbs" type="as" access="readwrite"/>
|
||||||
|
- <property name="ca-presave-command" type="s" access="read"/>
|
||||||
|
- <property name="ca-presave-uid" type="s" access="read"/>
|
||||||
|
- <property name="ca-postsave-command" type="s" access="read"/>
|
||||||
|
- <property name="ca-postsave-uid" type="s" access="read"/>
|
||||||
|
- <property name="scep-cipher" type="s" access="readwrite"/>
|
||||||
|
- <property name="scep-digest" type="s" access="readwrite"/>
|
||||||
|
- <property name="scep-ca-identifier" type="s" access="readwrite"/>
|
||||||
|
- <property name="scep-ca-capabilities" type="as" access="read"/>
|
||||||
|
- <property name="scep-ra-cert" type="s" access="read"/>
|
||||||
|
- <property name="scep-ca-cert" type="s" access="read"/>
|
||||||
|
- <property name="scep-other-certs" type="s" access="read"/>
|
||||||
|
- </interface>
|
||||||
|
-</node>
|
||||||
|
-
|
||||||
|
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
||||||
|
-$tmpdir/cas/20180327134236-3
|
||||||
|
-
|
||||||
|
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_nickname ]
|
||||||
|
-dogtag-ipa-renew-agent
|
||||||
|
-
|
||||||
|
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_is_default ]
|
||||||
|
-0
|
||||||
|
-
|
||||||
|
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_type ]
|
||||||
|
-EXTERNAL
|
||||||
|
-
|
||||||
|
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_serial ]
|
||||||
|
-None
|
||||||
|
-
|
||||||
|
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_location ]
|
||||||
|
-$libexecdir/dogtag-ipa-renew-agent-submit
|
||||||
|
-
|
||||||
|
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_issuer_names ]
|
||||||
|
-dbus.Array([], signature=dbus.Signature('s'))
|
||||||
|
-
|
||||||
|
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.refresh ]
|
||||||
|
-1
|
||||||
|
-
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
@ -0,0 +1,38 @@
|
|||||||
|
From 94dfc2f31b439db37b67d58e635169c29a4f8dde Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Wed, 16 Sep 2020 11:29:41 -0400
|
||||||
|
Subject: [PATCH 10/11] Add a local-srpm target to build an srpm from the
|
||||||
|
current checkout
|
||||||
|
|
||||||
|
The srpm target will pull the origin master branch and build from
|
||||||
|
that so it isn't useful for testing local changes.
|
||||||
|
---
|
||||||
|
Makefile.am | 12 ++++++++++++
|
||||||
|
1 file changed, 12 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index 16d103ec..883c5932 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -29,6 +29,18 @@ ARCHIVEOUTDIR=$(shell cd $(top_srcdir) && pwd)
|
||||||
|
local-archive:
|
||||||
|
$(MAKE) archive ORIGIN=$(ARCHIVEOUTDIR)
|
||||||
|
|
||||||
|
+local-srpm:
|
||||||
|
+ repo=`pwd`; \
|
||||||
|
+ tmpdir=`mktemp -d /tmp/make_archive_XXXXXX`; \
|
||||||
|
+ if test -d "$$tmpdir" ; then \
|
||||||
|
+ git clone . $$tmpdir;\
|
||||||
|
+ cd $$tmpdir;\
|
||||||
|
+ ./make-srpm.sh;\
|
||||||
|
+ cp -v $(distdir)-*.src.rpm $(ARCHIVEOUTDIR)/;\
|
||||||
|
+ chmod -R u+rw $$tmpdir;\
|
||||||
|
+ rm -fr $$tmpdir;\
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
srpm:
|
||||||
|
repo=`pwd`; \
|
||||||
|
tmpdir=`mktemp -d /tmp/make_archive_XXXXXX`; \
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
@ -0,0 +1,26 @@
|
|||||||
|
From eda1134a9db1246eb8a24e0e01cfe1fcbff10729 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Wed, 16 Sep 2020 11:30:10 -0400
|
||||||
|
Subject: [PATCH 11/11] Silence a rpm macro warning with an unescaped % in a
|
||||||
|
comment
|
||||||
|
|
||||||
|
---
|
||||||
|
certmonger.spec | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/certmonger.spec b/certmonger.spec
|
||||||
|
index a8e1d2e8..f2abd307 100644
|
||||||
|
--- a/certmonger.spec
|
||||||
|
+++ b/certmonger.spec
|
||||||
|
@@ -35,7 +35,7 @@ Group: System Environment/Daemons
|
||||||
|
License: GPLv3+
|
||||||
|
URL: http://pagure.io/certmonger/
|
||||||
|
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
||||||
|
-#Source1: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz.sig
|
||||||
|
+#Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
|
||||||
|
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||||
|
|
||||||
|
BuildRequires: openldap-devel
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
@ -1,195 +0,0 @@
|
|||||||
From 14d1b5f9a482a4740706dc1cb86c454662f48d4c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Wed, 7 Dec 2022 10:09:55 -0500
|
|
||||||
Subject: [PATCH] Revert "Remove the certmaster CA from the 028-dbus test"
|
|
||||||
|
|
||||||
This reverts commit dd8dcb899e0a159d1141b713993805565ffb6d28.
|
|
||||||
---
|
|
||||||
tests/028-dbus/expected.out | 130 ++++++++++++++++++++++++++++++++++--
|
|
||||||
1 file changed, 124 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
|
|
||||||
index 86cba02..544ebd7 100644
|
|
||||||
--- a/tests/028-dbus/expected.out
|
|
||||||
+++ b/tests/028-dbus/expected.out
|
|
||||||
@@ -35,6 +35,10 @@ CA 'IPA':
|
|
||||||
is-default: no
|
|
||||||
ca-type: EXTERNAL
|
|
||||||
helper-location: $libexecdir/ipa-submit
|
|
||||||
+CA 'certmaster':
|
|
||||||
+ is-default: no
|
|
||||||
+ ca-type: EXTERNAL
|
|
||||||
+ helper-location: $libexecdir/certmaster-submit
|
|
||||||
CA 'dogtag-ipa-renew-agent':
|
|
||||||
is-default: no
|
|
||||||
ca-type: EXTERNAL
|
|
||||||
@@ -42,8 +46,8 @@ CA 'dogtag-ipa-renew-agent':
|
|
||||||
|
|
||||||
[[ API ]]
|
|
||||||
[ simpleprop.py ]
|
|
||||||
-/org/fedorahosted/certmonger/cas/CA5
|
|
||||||
-/org/fedorahosted/certmonger/cas/CA5
|
|
||||||
+/org/fedorahosted/certmonger/cas/CA6
|
|
||||||
+/org/fedorahosted/certmonger/cas/CA6
|
|
||||||
: -> : -k admin@localhost -> :
|
|
||||||
0 -> 1 -> 0
|
|
||||||
[ walk.py ]
|
|
||||||
@@ -179,7 +183,7 @@ OK
|
|
||||||
OK
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_known_cas ]
|
|
||||||
-dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4')], signature=dbus.Signature('o'))
|
|
||||||
+dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA5')], signature=dbus.Signature('o'))
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_requests ]
|
|
||||||
dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
|
|
||||||
@@ -507,6 +511,7 @@ After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.Stri
|
|
||||||
<node name="CA2"/>
|
|
||||||
<node name="CA3"/>
|
|
||||||
<node name="CA4"/>
|
|
||||||
+ <node name="CA5"/>
|
|
||||||
</node>
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA1: org.freedesktop.DBus.Introspectable.Introspect ]
|
|
||||||
@@ -940,10 +945,10 @@ dbus.Array([], signature=dbus.Signature('s'))
|
|
||||||
</node>
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
|
||||||
-$tmpdir/cas/20180327134236-3
|
|
||||||
+$tmpdir/cas/20180327134236-2
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ]
|
|
||||||
-dogtag-ipa-renew-agent
|
|
||||||
+certmaster
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ]
|
|
||||||
0
|
|
||||||
@@ -955,7 +960,7 @@ EXTERNAL
|
|
||||||
None
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_location ]
|
|
||||||
-$libexecdir/dogtag-ipa-renew-agent-submit
|
|
||||||
+$libexecdir/certmaster-submit
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_issuer_names ]
|
|
||||||
dbus.Array([], signature=dbus.Signature('s'))
|
|
||||||
@@ -963,3 +968,116 @@ dbus.Array([], signature=dbus.Signature('s'))
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ]
|
|
||||||
1
|
|
||||||
|
|
||||||
+[ /org/fedorahosted/certmonger/cas/CA5: org.freedesktop.DBus.Introspectable.Introspect ]
|
|
||||||
+<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
|
|
||||||
+"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
|
|
||||||
+
|
|
||||||
+<node name="/org/fedorahosted/certmonger/cas/CA5">
|
|
||||||
+ <interface name="org.freedesktop.DBus.Introspectable">
|
|
||||||
+ <method name="Introspect">
|
|
||||||
+ <arg name="xml_data" type="s" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ </interface>
|
|
||||||
+ <interface name="org.freedesktop.DBus.Properties">
|
|
||||||
+ <method name="Get">
|
|
||||||
+ <arg name="interface_name" type="s" direction="in"/>
|
|
||||||
+ <arg name="property_name" type="s" direction="in"/>
|
|
||||||
+ <arg name="value" type="v" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <method name="Set">
|
|
||||||
+ <arg name="interface_name" type="s" direction="in"/>
|
|
||||||
+ <arg name="property_name" type="s" direction="in"/>
|
|
||||||
+ <arg name="value" type="v" direction="in"/>
|
|
||||||
+ </method>
|
|
||||||
+ <method name="GetAll">
|
|
||||||
+ <arg name="interface_name" type="s" direction="in"/>
|
|
||||||
+ <arg name="props" type="a{sv}" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <signal name="PropertiesChanged">
|
|
||||||
+ <arg name="interface_name" type="s"/>
|
|
||||||
+ <arg name="changed_properties" type="a{sv}"/>
|
|
||||||
+ <arg name="invalidated_properties" type="as"/>
|
|
||||||
+ </signal>
|
|
||||||
+ </interface>
|
|
||||||
+ <interface name="org.fedorahosted.certmonger.ca">
|
|
||||||
+ <method name="get_config_file_path">
|
|
||||||
+ <arg name="path" type="s" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <method name="get_nickname">
|
|
||||||
+ <arg name="nickname" type="s" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <property name="nickname" type="s" access="read"/>
|
|
||||||
+ <property name="aka" type="s" access="read"/>
|
|
||||||
+ <method name="get_is_default">
|
|
||||||
+ <arg name="default" type="b" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <property name="is-default" type="b" access="readwrite"/>
|
|
||||||
+ <method name="get_type">
|
|
||||||
+ <arg name="type" type="s" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <method name="get_serial">
|
|
||||||
+ <arg name="serial_hex" type="s" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <method name="get_location">
|
|
||||||
+ <arg name="path" type="s" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <property name="external-helper" type="s" access="readwrite"/>
|
|
||||||
+ <method name="get_issuer_names">
|
|
||||||
+ <arg name="names" type="as" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <method name="refresh">
|
|
||||||
+ <arg name="working" type="b" direction="out"/>
|
|
||||||
+ </method>
|
|
||||||
+ <property name="ca-error" type="s" access="read"/>
|
|
||||||
+ <property name="issuer-names" type="as" access="read"/>
|
|
||||||
+ <property name="root-certs" type="a(ss)" access="read"/>
|
|
||||||
+ <property name="root-other-certs" type="a(ss)" access="read"/>
|
|
||||||
+ <property name="other-certs" type="a(ss)" access="read"/>
|
|
||||||
+ <property name="required-enroll-attributes" type="as" access="read"/>
|
|
||||||
+ <property name="required-renew-attributes" type="as" access="read"/>
|
|
||||||
+ <property name="supported-profiles" type="as" access="read"/>
|
|
||||||
+ <property name="default-profile" type="s" access="read"/>
|
|
||||||
+ <property name="root-cert-files" type="as" access="readwrite"/>
|
|
||||||
+ <property name="root-other-cert-files" type="as" access="readwrite"/>
|
|
||||||
+ <property name="other-cert-files" type="as" access="readwrite"/>
|
|
||||||
+ <property name="root-cert-nssdbs" type="as" access="readwrite"/>
|
|
||||||
+ <property name="root-other-cert-nssdbs" type="as" access="readwrite"/>
|
|
||||||
+ <property name="other-cert-nssdbs" type="as" access="readwrite"/>
|
|
||||||
+ <property name="ca-presave-command" type="s" access="read"/>
|
|
||||||
+ <property name="ca-presave-uid" type="s" access="read"/>
|
|
||||||
+ <property name="ca-postsave-command" type="s" access="read"/>
|
|
||||||
+ <property name="ca-postsave-uid" type="s" access="read"/>
|
|
||||||
+ <property name="scep-cipher" type="s" access="readwrite"/>
|
|
||||||
+ <property name="scep-digest" type="s" access="readwrite"/>
|
|
||||||
+ <property name="scep-ca-identifier" type="s" access="readwrite"/>
|
|
||||||
+ <property name="scep-ca-capabilities" type="as" access="read"/>
|
|
||||||
+ <property name="scep-ra-cert" type="s" access="read"/>
|
|
||||||
+ <property name="scep-ca-cert" type="s" access="read"/>
|
|
||||||
+ <property name="scep-other-certs" type="s" access="read"/>
|
|
||||||
+ </interface>
|
|
||||||
+</node>
|
|
||||||
+
|
|
||||||
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
|
||||||
+$tmpdir/cas/20180327134236-3
|
|
||||||
+
|
|
||||||
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_nickname ]
|
|
||||||
+dogtag-ipa-renew-agent
|
|
||||||
+
|
|
||||||
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_is_default ]
|
|
||||||
+0
|
|
||||||
+
|
|
||||||
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_type ]
|
|
||||||
+EXTERNAL
|
|
||||||
+
|
|
||||||
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_serial ]
|
|
||||||
+None
|
|
||||||
+
|
|
||||||
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_location ]
|
|
||||||
+$libexecdir/dogtag-ipa-renew-agent-submit
|
|
||||||
+
|
|
||||||
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_issuer_names ]
|
|
||||||
+dbus.Array([], signature=dbus.Signature('s'))
|
|
||||||
+
|
|
||||||
+[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.refresh ]
|
|
||||||
+1
|
|
||||||
+
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
|||||||
From 6224c3aa01665edddbda1ec7d1e35b03823eefcb Mon Sep 17 00:00:00 2001
|
|
||||||
From: root <root@ci-vm-10-0-137-168.hosted.upshift.rdu2.redhat.com>
|
|
||||||
Date: Wed, 7 Dec 2022 14:50:01 -0500
|
|
||||||
Subject: [PATCH] Don't run the 002-keygen-* tests when root
|
|
||||||
|
|
||||||
The permissions tests will fail.
|
|
||||||
---
|
|
||||||
tests/002-keygen-dbm/prequal.sh | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
create mode 100755 tests/002-keygen-dbm/prequal.sh
|
|
||||||
|
|
||||||
diff --git a/tests/002-keygen-dbm/prequal.sh b/tests/002-keygen-dbm/prequal.sh
|
|
||||||
new file mode 100755
|
|
||||||
index 0000000..b6c16e0
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/002-keygen-dbm/prequal.sh
|
|
||||||
@@ -0,0 +1,5 @@
|
|
||||||
+#!/bin/sh
|
|
||||||
+if test `id -u` -eq 0 ; then
|
|
||||||
+ echo "This test won't work right if run as root."
|
|
||||||
+ exit 1
|
|
||||||
+fi
|
|
||||||
--
|
|
||||||
2.31.1
|
|
@ -1,47 +1,69 @@
|
|||||||
|
%if 0%{?fedora} > 15 || 0%{?rhel} > 6
|
||||||
%global systemd 1
|
%global systemd 1
|
||||||
%global sysvinit 0
|
%global sysvinit 0
|
||||||
|
%else
|
||||||
|
%global systemd 0
|
||||||
|
%global sysvinit 1
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?fedora} > 15 && 0%{?fedora} < 20
|
||||||
|
%global systemdsysv 1
|
||||||
|
%else
|
||||||
%global systemdsysv 0
|
%global systemdsysv 0
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?fedora} > 14 || 0%{?rhel} > 6
|
||||||
%global tmpfiles 1
|
%global tmpfiles 1
|
||||||
|
%else
|
||||||
|
%global tmpfiles 0
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?fedora} > 9 || 0%{?rhel} > 5
|
||||||
%global sysvinitdir %{_initddir}
|
%global sysvinitdir %{_initddir}
|
||||||
|
%else
|
||||||
|
%global sysvinitdir %{_initrddir}
|
||||||
|
%endif
|
||||||
|
|
||||||
%bcond_without xmlrpc
|
%bcond_with xmlrpc
|
||||||
|
|
||||||
Name: certmonger
|
Name: certmonger
|
||||||
Version: 0.79.17
|
Version: 0.79.20
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: Certificate status monitor and PKI enrollment client
|
Summary: Certificate status monitor and PKI enrollment client
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
License: GPL-3.0-or-later
|
||||||
License: GPLv3+
|
|
||||||
URL: http://pagure.io/certmonger/
|
URL: http://pagure.io/certmonger/
|
||||||
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
||||||
#Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
|
#Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
|
||||||
|
|
||||||
Patch0001: 0001-Revert-Remove-the-certmaster-CA-from-the-028-dbus-te.patch
|
|
||||||
Patch0002: 0002-Don-t-run-the-002-keygen-tests-when-root.patch
|
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: gettext-devel
|
BuildRequires: gettext-devel
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: openldap-devel
|
BuildRequires: openldap-devel
|
||||||
|
BuildRequires: krb5-devel
|
||||||
BuildRequires: libidn2-devel
|
BuildRequires: libidn2-devel
|
||||||
BuildRequires: python3-dbus
|
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel
|
||||||
BuildRequires: dbus-devel
|
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
|
||||||
BuildRequires: nspr-devel
|
|
||||||
BuildRequires: nss-devel
|
|
||||||
BuildRequires: openssl-devel
|
|
||||||
BuildRequires: libuuid-devel
|
BuildRequires: libuuid-devel
|
||||||
|
%else
|
||||||
|
BuildRequires: e2fsprogs-devel
|
||||||
|
%endif
|
||||||
BuildRequires: libtalloc-devel, libtevent-devel
|
BuildRequires: libtalloc-devel, libtevent-devel
|
||||||
|
%if 0%{?rhel} >= 6 || 0%{?fedora} >= 9
|
||||||
BuildRequires: libcurl-devel
|
BuildRequires: libcurl-devel
|
||||||
|
%else
|
||||||
|
BuildRequires: curl-devel
|
||||||
|
%endif
|
||||||
BuildRequires: libxml2-devel
|
BuildRequires: libxml2-devel
|
||||||
%if %{with xmlrpc}
|
%if %{with xmlrpc}
|
||||||
BuildRequires: xmlrpc-c-devel
|
BuildRequires: xmlrpc-c-devel
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: jansson-devel
|
BuildRequires: jansson-devel
|
||||||
|
%if 0%{?rhel} && 0%{?rhel} < 6
|
||||||
|
BuildRequires: bind-libbind-devel
|
||||||
|
BuildRequires: mktemp
|
||||||
|
%endif
|
||||||
# Required for 'make check':
|
# Required for 'make check':
|
||||||
# for diff and cmp
|
# for diff and cmp
|
||||||
BuildRequires: diffutils
|
BuildRequires: diffutils
|
||||||
@ -58,10 +80,9 @@ BuildRequires: /usr/bin/dos2unix
|
|||||||
BuildRequires: /usr/bin/unix2dos
|
BuildRequires: /usr/bin/unix2dos
|
||||||
# for which
|
# for which
|
||||||
BuildRequires: /usr/bin/which
|
BuildRequires: /usr/bin/which
|
||||||
|
# for dbus tests
|
||||||
|
BuildRequires: python3-dbus
|
||||||
BuildRequires: popt-devel
|
BuildRequires: popt-devel
|
||||||
# for make check
|
|
||||||
BuildRequires: python3-devel
|
|
||||||
BuildRequires: krb5-devel
|
|
||||||
|
|
||||||
# we need a running system bus
|
# we need a running system bus
|
||||||
Requires: dbus
|
Requires: dbus
|
||||||
@ -69,6 +90,7 @@ Requires(post): %{_bindir}/dbus-send
|
|||||||
|
|
||||||
%if %{systemd}
|
%if %{systemd}
|
||||||
BuildRequires: systemd-units
|
BuildRequires: systemd-units
|
||||||
|
BuildRequires: make
|
||||||
Requires(post): systemd-units
|
Requires(post): systemd-units
|
||||||
Requires(preun): systemd-units, dbus, sed
|
Requires(preun): systemd-units, dbus, sed
|
||||||
Requires(postun): systemd-units
|
Requires(postun): systemd-units
|
||||||
@ -90,6 +112,10 @@ Requires(post): /sbin/chkconfig, /sbin/service
|
|||||||
Requires(preun): /sbin/chkconfig, /sbin/service, dbus, sed
|
Requires(preun): /sbin/chkconfig, /sbin/service, dbus, sed
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?fedora} >= 15
|
||||||
|
# Certain versions of libtevent have incorrect internal ABI versions.
|
||||||
|
Conflicts: libtevent < 0.9.13
|
||||||
|
%endif
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Certmonger is a service which is primarily concerned with getting your
|
Certmonger is a service which is primarily concerned with getting your
|
||||||
@ -98,6 +124,12 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
|
|||||||
%prep
|
%prep
|
||||||
%autosetup -p1
|
%autosetup -p1
|
||||||
|
|
||||||
|
%if 0%{?rhel} > 0
|
||||||
|
# Enabled by default for RHEL for bug #765600, still disabled by default for
|
||||||
|
# Fedora pending a similar bug report there.
|
||||||
|
sed -i 's,^# chkconfig: - ,# chkconfig: 345 ,g' sysvinit/certmonger.in
|
||||||
|
%endif
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -i -f
|
autoreconf -i -f
|
||||||
%configure \
|
%configure \
|
||||||
@ -114,6 +146,7 @@ autoreconf -i -f
|
|||||||
%if %{with xmlrpc}
|
%if %{with xmlrpc}
|
||||||
--with-xmlrpc \
|
--with-xmlrpc \
|
||||||
%endif
|
%endif
|
||||||
|
--disable-dsa \
|
||||||
--with-tmpdir=/run/certmonger --enable-pie --enable-now
|
--with-tmpdir=/run/certmonger --enable-pie --enable-now
|
||||||
%if %{with xmlrpc}
|
%if %{with xmlrpc}
|
||||||
# For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just
|
# For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just
|
||||||
@ -131,10 +164,6 @@ install -m755 -d $RPM_BUILD_ROOT/run/certmonger
|
|||||||
%{find_lang} %{name}
|
%{find_lang} %{name}
|
||||||
|
|
||||||
%check
|
%check
|
||||||
# Seed then openssl RNG if not set
|
|
||||||
if [ ! -e $HOME/.rnd ] ; then
|
|
||||||
openssl rand -writerand $HOME/.rnd
|
|
||||||
fi
|
|
||||||
make check
|
make check
|
||||||
|
|
||||||
%post
|
%post
|
||||||
@ -212,7 +241,6 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%files -f %{name}.lang
|
%files -f %{name}.lang
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%doc README.md LICENSE STATUS doc/*.txt
|
%doc README.md LICENSE STATUS doc/*.txt
|
||||||
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/*
|
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/*
|
||||||
%{_datadir}/dbus-1/services/*
|
%{_datadir}/dbus-1/services/*
|
||||||
@ -236,106 +264,155 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Dec 7 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.17-2
|
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.79.20-3
|
||||||
- Skip the keygen tests when executed as root.
|
- Bump release for October 2024 mass rebuild:
|
||||||
|
Resolves: RHEL-64018
|
||||||
|
|
||||||
* Tue Dec 6 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.17-1
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.79.20-2
|
||||||
- Update to upstream 0.79.17 (#2139523)
|
- Bump release for June 2024 mass rebuild
|
||||||
- Certificate format validation when adding the SCEP server's CA (#2150025)
|
|
||||||
- Certmonger SCEP renewal should not use old challenges (#2150030)
|
|
||||||
- certmonger SEGV during rekey in FIPS mode (#2150070)
|
|
||||||
|
|
||||||
* Mon Oct 18 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-5
|
* Mon Jun 10 2024 Rob Crittenden <rcritten@redhat.com> - 0.79.20-1
|
||||||
- certmonger creates CSRs with invalid DER syntax for X509v3 extensions
|
- Update to upstream 0.79.20
|
||||||
with critical=FALSE (#2012258)
|
|
||||||
|
|
||||||
* Wed Oct 06 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-4
|
* Tue Feb 20 2024 Rob Crittenden <rcritten@redhat.com> - 0.79.19-5
|
||||||
- Certmonger SCEP renewal should not use old challenges (#1577570)
|
- Update tests to be compatible with OpenSSL 3.2
|
||||||
- Certmonger segfault after cert renewal request (#1881500)
|
|
||||||
- Include certificate NotBefore date in output of the 'getcert list' command
|
|
||||||
(#1940261)
|
|
||||||
- Certmonger certificates stuck in NEED_GUIDANCE (#2001079)
|
|
||||||
|
|
||||||
* Wed Apr 28 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-3
|
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.19-4
|
||||||
- Fix local CA to work under FIPS (#1950132)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
|
|
||||||
* Tue Nov 10 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.13-2
|
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.19-3
|
||||||
- Rebuild with xmlrpc-c support enabled (#1687698)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
|
|
||||||
* Wed Oct 28 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.13-1
|
* Fri Dec 22 2023 Florian Weimer <fweimer@redhat.com> - 0.79.19-2
|
||||||
- Rebase to 0.79.13 (#1891743)
|
- Fix C compatibility issues
|
||||||
|
|
||||||
* Thu Jul 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-15
|
* Tue Oct 10 2023 Rob Crittenden <rcritten@redhat.com> - 0.79.19-1
|
||||||
- Replace the previous fix for dbus restarting with PartOf in the
|
- Update to upstream 0.79.19
|
||||||
certmonger systemd service file to link the two (#1687698)
|
|
||||||
|
|
||||||
* Tue Jun 2 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-14
|
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.18-2
|
||||||
- Include &message=CA-IDENT with GetCACaps/GetCACert requests (#1843009)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||||
|
|
||||||
* Mon May 18 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-13
|
* Wed Apr 05 2023 Rob Crittenden <rcritten@redhat.com> - 0.79.18-1
|
||||||
- Exit gracefully if dbus is restarted (#1687698)
|
- Update to upstream 0.79.18
|
||||||
|
|
||||||
* Thu May 14 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-12
|
* Thu Feb 23 2023 Rob Crittenden <rcritten@redhat.com> - 0.79.17-4
|
||||||
- Add long command-line options to man pages and help output (#1782838)
|
- migrated to SPDX license
|
||||||
|
|
||||||
* Mon May 4 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-11
|
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.17-3
|
||||||
- Fix test failure in 039-fromfile
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||||
|
|
||||||
* Mon May 4 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-10
|
* Tue Dec 6 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.17-2
|
||||||
- Ensure that files read in have a trailing new-line (#1829490)
|
- Rename DBus service and conf files to match canonical name (#2151243)
|
||||||
|
|
||||||
* Thu Apr 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-9
|
* Wed Nov 30 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.17-1
|
||||||
- Call the secport equivalent of PR_ErrorToString
|
- Update to upstream 0.79.17
|
||||||
- Remove a couple of unused varaibles found by coverity
|
|
||||||
|
|
||||||
* Mon Apr 13 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.7-8
|
* Thu Aug 25 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.16-1
|
||||||
- Move systemd tmpfiles from /var/run to /run (#1804928)
|
- Update to upstream 0.79.16
|
||||||
- Improve logging in the SCEP helper (#1807691)
|
|
||||||
- Fix sort order of certificates passed into PKCS7_verify (#1808052)
|
|
||||||
- Add -N option to SCEP helper to separate web server chain from
|
|
||||||
SCEP issuer chain (#1808613)
|
|
||||||
- Add template profile, MS v2 template and issuer to getcert list
|
|
||||||
output (#1734451)
|
|
||||||
|
|
||||||
* Tue Dec 17 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-7
|
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.15-4
|
||||||
- Update gating requirements
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||||
|
|
||||||
* Mon Dec 16 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-6
|
* Mon Apr 11 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.15-3
|
||||||
- Rebuild
|
- Disable DSA key support. They do not work in FIPS mode at all and
|
||||||
|
are disabled by crypto policy by default.
|
||||||
|
|
||||||
* Mon Dec 2 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-5
|
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.15-2
|
||||||
- Fix use-after-free issue when retrieving CA chain (#1710632)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||||
|
|
||||||
* Mon Dec 2 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-4
|
* Wed Jan 5 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.15-1
|
||||||
- Optimize closing of file descriptors on fork (#1763745)
|
- Update to upstream 0.79.15
|
||||||
- Remove NOMODDB flag flag from context init, look for full tokens (#1746543)
|
|
||||||
- Retrieve full IPA CA chain (#1710632)
|
|
||||||
|
|
||||||
* Tue May 14 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-3
|
* Tue Oct 05 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-6
|
||||||
- Rebuild for new annobin (#1708095)
|
- Don't encode critical=FALSE in X509v3 extensions
|
||||||
|
|
||||||
* Fri May 10 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-2
|
* Wed Sep 29 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-5
|
||||||
- Rebuild for new annobin (#1708095)
|
- Fix FTBFS due to OpenSSL 3.0.0 API change between beta1 and 2.
|
||||||
|
|
||||||
* Thu May 9 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.79.7-1
|
* Wed Sep 15 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-4
|
||||||
- Rebase to 0.79.7 (#1708095)
|
- Port to OpenSSL 3.0.0
|
||||||
|
|
||||||
* Mon Oct 8 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-5
|
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.79.14-3
|
||||||
- Address more issues uncovered by static analysis (#1632449)
|
- Rebuilt with OpenSSL 3.0.0
|
||||||
|
|
||||||
* Tue Oct 2 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-4
|
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.14-2
|
||||||
- Improve handling of NSS tokens (#1624930)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||||
- Pull in upstream fixes discovered in coverity and clang (#1632449)
|
|
||||||
|
|
||||||
* Mon Aug 13 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-3
|
* Tue Jun 15 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-1
|
||||||
- Add BuildRequires on python3-devel (#1615507)
|
- Update to upstream 0.79.14
|
||||||
|
|
||||||
* Thu Aug 2 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-2
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.13-2
|
||||||
- Fix test failure on some platforms
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
* Wed Aug 1 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-1
|
* Tue Oct 20 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.13-1
|
||||||
|
- Update to upstream 0.79.13
|
||||||
|
|
||||||
|
* Mon Oct 5 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.12-1
|
||||||
|
- Update to upstream 0.79.12
|
||||||
|
|
||||||
|
* Fri Sep 18 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.11-4
|
||||||
|
- Don't send SIGKILL to child processes to terminate them
|
||||||
|
- Switch to JSON for communication with IPA
|
||||||
|
|
||||||
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.11-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.11-2
|
||||||
|
- Fix for an unnecessary free() which can cause core dump.
|
||||||
|
|
||||||
|
* Tue Jun 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.11-1
|
||||||
|
- Update to upstream 0.79.11
|
||||||
|
|
||||||
|
* Thu Jun 25 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.10-1
|
||||||
|
- Update to upstream 0.79.10
|
||||||
|
|
||||||
|
* Thu Jan 30 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.9-1
|
||||||
|
- Update to upstream 0.79.9
|
||||||
|
|
||||||
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.8-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Oct 30 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.8-3
|
||||||
|
- Change python2-dbus build dependency to python3
|
||||||
|
- Convert tests to pass under python 3
|
||||||
|
- Skip DSA tests because it is disabled by default crypto policy
|
||||||
|
|
||||||
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.8-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 17 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.8-1
|
||||||
|
- Update to upstream 0.79.8
|
||||||
|
|
||||||
|
* Wed May 22 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-3
|
||||||
|
- Add BuildRequires for krb5-devel, the buildroot changed.
|
||||||
|
|
||||||
|
* Mon May 20 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-2
|
||||||
|
- Move systemd tmpfiles from /var/run to /run (upstream #111)
|
||||||
|
- Change /var/run -> /run in systemd service file
|
||||||
|
|
||||||
|
* Mon Feb 18 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-1
|
||||||
|
- Update to upstream 0.79.7
|
||||||
|
|
||||||
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.6-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Oct 4 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-4
|
||||||
|
- Pull in upstream fixes discovered in coverity and clang.
|
||||||
|
|
||||||
|
* Mon Oct 1 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-3
|
||||||
|
- Improve NSS token handling. The updated NSS crypto-policy enables all
|
||||||
|
tokens which broke requesting certificates due to the way that tokens
|
||||||
|
were managed.
|
||||||
|
|
||||||
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.6-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue May 8 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-1
|
||||||
- Update to upstream 0.79.6
|
- Update to upstream 0.79.6
|
||||||
- Fix unit tests to work with python 3
|
|
||||||
|
* Wed Mar 14 2018 Iryna Shcherbina <ishcherb@redhat.com> - 0.79.5-7
|
||||||
|
- Update Python 2 dependency declarations to new packaging standards
|
||||||
|
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
|
||||||
|
|
||||||
* Fri Feb 23 2018 Rob Crittenden <rcritten@redhat.com> 0.79.5-6
|
* Fri Feb 23 2018 Rob Crittenden <rcritten@redhat.com> 0.79.5-6
|
||||||
- Fix unit tests. NSS crypto policy disallows keys < 1024
|
- Fix unit tests. NSS crypto policy disallows keys < 1024
|
8
gating.yaml
Normal file
8
gating.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# recipients: abokovoy, frenaud, kaleem, ftrivino
|
||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-10
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}
|
1
sources
Normal file
1
sources
Normal file
@ -0,0 +1 @@
|
|||||||
|
SHA512 (certmonger-0.79.20.tar.gz) = 76685185172bbf2c766c477c399ce0b14c9fd2d81637b44b8da80ae045ebf6c650ae3d525a87dccd755a6c92d4a5916bb62f8ea1d8520c47ae64770be6a5d2be
|
1
tests/.fmf/version
Normal file
1
tests/.fmf/version
Normal file
@ -0,0 +1 @@
|
|||||||
|
1
|
5
tests/provision.fmf
Normal file
5
tests/provision.fmf
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
standard-inventory-qcow2:
|
||||||
|
qemu:
|
||||||
|
m: 2G
|
18
tests/tests.yml
Normal file
18
tests/tests.yml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
tags: [ always ]
|
||||||
|
tasks:
|
||||||
|
- set_fact:
|
||||||
|
our_required_packages:
|
||||||
|
- wget # upstream-testsuite-execution-and-rebuild-test needs wget command
|
||||||
|
- yum-utils # upstream-testsuite-execution-and-rebuild-test needs yum-builddep command
|
||||||
|
- rpm-build # upstream-testsuite-execution-and-rebuild-test needs rpmbuild command
|
||||||
|
|
||||||
|
- hosts: localhost
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
roles:
|
||||||
|
- role: standard-test-beakerlib
|
||||||
|
tests:
|
||||||
|
- upstream-testsuite-execution-and-rebuild-test
|
||||||
|
required_packages: "{{ our_required_packages }}"
|
72
tests/upstream-testsuite-execution-and-rebuild-test/Makefile
Normal file
72
tests/upstream-testsuite-execution-and-rebuild-test/Makefile
Normal file
@ -0,0 +1,72 @@
|
|||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Makefile of /CoreOS/sudo/Sanity/upstream-testsuite-execution-and-rebuild-test
|
||||||
|
# Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution.
|
||||||
|
# Author: Ales Marecek <amarecek@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
|
||||||
|
#
|
||||||
|
# This copyrighted material is made available to anyone wishing
|
||||||
|
# to use, modify, copy, or redistribute it subject to the terms
|
||||||
|
# and conditions of the GNU General Public License version 2.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public
|
||||||
|
# License along with this program; if not, write to the Free
|
||||||
|
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||||
|
# Boston, MA 02110-1301, USA.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Based on sudo rebuild test
|
||||||
|
|
||||||
|
export TEST=/CoreOS/certmonger/Sanity/upstream-testsuite-execution-and-rebuild-test
|
||||||
|
export TESTVERSION=1.0
|
||||||
|
|
||||||
|
BUILT_FILES=
|
||||||
|
|
||||||
|
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||||
|
|
||||||
|
.PHONY: all install download clean
|
||||||
|
|
||||||
|
run: $(FILES) build
|
||||||
|
./runtest.sh
|
||||||
|
|
||||||
|
build: $(BUILT_FILES)
|
||||||
|
test -x runtest.sh || chmod a+x runtest.sh
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f *~ $(BUILT_FILES)
|
||||||
|
|
||||||
|
|
||||||
|
include /usr/share/rhts/lib/rhts-make.include
|
||||||
|
|
||||||
|
$(METADATA): Makefile
|
||||||
|
@echo "Owner: Rob Crittenden <rcritten@redhat.com>" > $(METADATA)
|
||||||
|
@echo "Name: $(TEST)" >> $(METADATA)
|
||||||
|
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||||
|
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||||
|
@echo "Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution." >> $(METADATA)
|
||||||
|
@echo "Type: Sanity" >> $(METADATA)
|
||||||
|
@echo "TestTime: 30m" >> $(METADATA)
|
||||||
|
@echo "RunFor: sudo" >> $(METADATA)
|
||||||
|
@echo "Requires: sudo" >> $(METADATA)
|
||||||
|
@echo "Requires: sed" >> $(METADATA)
|
||||||
|
@echo "Requires: grep" >> $(METADATA)
|
||||||
|
@echo "Requires: rpm-build" >> $(METADATA)
|
||||||
|
@echo "Requires: yum-utils" >> $(METADATA)
|
||||||
|
@echo "Requires: make" >> $(METADATA)
|
||||||
|
@echo "Requires: libcap-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: audit-libs-devel" >> $(METADATA)
|
||||||
|
@echo "Priority: Normal" >> $(METADATA)
|
||||||
|
@echo "License: GPLv2" >> $(METADATA)
|
||||||
|
@echo "Confidential: no" >> $(METADATA)
|
||||||
|
@echo "Destructive: no" >> $(METADATA)
|
||||||
|
|
||||||
|
rhts-lint $(METADATA)
|
@ -0,0 +1,3 @@
|
|||||||
|
PURPOSE of /CoreOS/certmonger/Sanity/upstream-testsuite-execution-and-rebuild-test
|
||||||
|
Description: This test rebuild certmonger source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution.
|
||||||
|
Author: Rob Crittenden <rcritten@redhat.com>
|
@ -0,0 +1,83 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# runtest.sh of /CoreOS/sudo/Sanity/upstream-testsuite-execution-and-rebuild-test
|
||||||
|
# Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution.
|
||||||
|
# Author: Ales Marecek <amarecek@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
|
||||||
|
#
|
||||||
|
# This copyrighted material is made available to anyone wishing
|
||||||
|
# to use, modify, copy, or redistribute it subject to the terms
|
||||||
|
# and conditions of the GNU General Public License version 2.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public
|
||||||
|
# License along with this program; if not, write to the Free
|
||||||
|
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||||
|
# Boston, MA 02110-1301, USA.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
# Based on sudo rebuild test
|
||||||
|
|
||||||
|
# Include Beaker environment
|
||||||
|
. /usr/bin/rhts-environment.sh || exit 1
|
||||||
|
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||||
|
|
||||||
|
PACKAGE="certmonger"
|
||||||
|
_SPEC_DIR="$(rpm --eval=%_specdir)"
|
||||||
|
_BUILD_DIR="$(rpm --eval=%_builddir)"
|
||||||
|
_LOG_REBUILD_F="${PACKAGE}-rebuild.log"
|
||||||
|
_LOG_TESTSUITE_F="${PACKAGE}-testsuite.log"
|
||||||
|
|
||||||
|
|
||||||
|
rlJournalStart
|
||||||
|
rlPhaseStartSetup
|
||||||
|
rlAssertRpm $PACKAGE
|
||||||
|
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||||
|
rlRun "pushd $TmpDir"
|
||||||
|
# Source package is needed for code inspection
|
||||||
|
rlFetchSrcForInstalled "${PACKAGE}" || yumdownloader --source "${PACKAGE}"
|
||||||
|
rlRun "find . -size 0 -delete" 0 "Remove empty src.rpm-s"
|
||||||
|
rlRun "yum-builddep -y --nogpgcheck ${PACKAGE}-*.src.rpm" 0 "Installing build dependencies"
|
||||||
|
[ -d ${_BUILD_DIR} ] && rlRun "rm -rf ${_BUILD_DIR}/*" 0 "Cleaning build directory"
|
||||||
|
rlRun "rpm -ivh ${PACKAGE}-*.src.rpm" 0 "Installing source rpm"
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartTest
|
||||||
|
rlRun "QA_RPATHS=0x0002 rpmbuild -ba --noclean ${_SPEC_DIR}/${PACKAGE}.spec" 0 "Test: Rebuild of source '${PACKAGE}' package"
|
||||||
|
rlGetPhaseState
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
[ -d ${_BUILD_DIR} ] && rlRun "rm -rf ${_BUILD_DIR}/*-SPECPARTS" 0 "Cleaning SPECPARTS directory"
|
||||||
|
cd ${_BUILD_DIR}/${PACKAGE}-*
|
||||||
|
rlRun -s "make check" 0 "Test: Upstream testsuite"
|
||||||
|
cd ${TmpDir}
|
||||||
|
while read -r I; do
|
||||||
|
if [[ "$I" =~ $(echo '([^:]+): .+ tests run, .+ errors, (.*)% success rate') ]]; then
|
||||||
|
[[ "${BASH_REMATCH[2]}" == "100" ]]
|
||||||
|
rlAssert0 "Test: Checking tests of '${BASH_REMATCH[1]}'" $?
|
||||||
|
elif [[ "$I" =~ $(echo "([^:]+): .+ tests passed; (.+)/.+ tests failed") ]]; then
|
||||||
|
[[ "${BASH_REMATCH[2]}" == "0" ]]
|
||||||
|
rlAssert0 "Test: Checking tests of '${BASH_REMATCH[1]}'" $?
|
||||||
|
fi
|
||||||
|
done < $rlRun_LOG
|
||||||
|
rm -f $rlRun_LOG
|
||||||
|
else
|
||||||
|
rlFail "Skipping testsuite part because rebuild part failed."
|
||||||
|
fi
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartCleanup
|
||||||
|
rlRun "popd"
|
||||||
|
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||||
|
rlPhaseEnd
|
||||||
|
rlJournalPrintText
|
||||||
|
rlJournalEnd
|
Loading…
Reference in New Issue
Block a user