2012-09-14 19:23:52 +00:00
|
|
|
# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
|
|
|
|
|
# also remove the space between % and global - this space is needed because
|
|
|
|
|
# fedpkg verrel stupidly ignores comment lines
|
2012-10-08 17:04:27 +00:00
|
|
|
%global prerel .b1
|
2012-09-14 19:23:52 +00:00
|
|
|
# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
|
|
|
|
|
%global relprefix 0.
|
|
|
|
|
|
2011-03-24 05:16:52 +00:00
|
|
|
Summary: Dogtag Public Key Infrastructure (PKI) Suite
|
|
|
|
|
Name: dogtag-pki
|
2012-09-14 19:23:52 +00:00
|
|
|
Version: 10.0.0
|
2012-10-23 20:58:26 +00:00
|
|
|
Release: %{?relprefix}12%{?prerel}%{?dist}
|
2011-03-24 05:16:52 +00:00
|
|
|
# The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2
|
|
|
|
|
License: GPLv2 and LGPLv2
|
|
|
|
|
URL: http://pki.fedoraproject.org/
|
|
|
|
|
Group: System Environment/Daemons
|
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
|
|
BuildArch: noarch
|
|
|
|
|
|
2011-09-13 11:05:54 +00:00
|
|
|
# Establish MINIMUM package versions based upon platform
|
2012-09-14 19:23:52 +00:00
|
|
|
%if 0%{?fedora} >= 18
|
|
|
|
|
%define dogtag_pki_theme_version 10.0.0
|
|
|
|
|
%define esc_version 1.1.0
|
|
|
|
|
%define jss_version 4.2.6-24
|
|
|
|
|
%define pki_core_version 10.0.0
|
|
|
|
|
%define pki_kra_version 10.0.0
|
|
|
|
|
%define pki_ocsp_version 10.0.0
|
|
|
|
|
%define pki_ra_version 10.0.0
|
|
|
|
|
%define pki_tks_version 10.0.0
|
|
|
|
|
%define pki_tps_version 10.0.0
|
|
|
|
|
%define pki_console_version 10.0.0
|
2012-10-23 20:58:26 +00:00
|
|
|
%define tomcatjss_version 7.0.0-3
|
2012-09-14 19:23:52 +00:00
|
|
|
%else
|
2011-10-31 01:09:24 +00:00
|
|
|
%if 0%{?fedora} >= 17
|
2012-09-14 19:23:52 +00:00
|
|
|
%define dogtag_pki_theme_version 10.0.0
|
2011-10-31 01:09:24 +00:00
|
|
|
%define esc_version 1.1.0
|
2012-09-14 19:23:52 +00:00
|
|
|
%define jss_version 4.2.6-24
|
|
|
|
|
%define pki_core_version 10.0.0
|
|
|
|
|
%define pki_kra_version 10.0.0
|
|
|
|
|
%define pki_ocsp_version 10.0.0
|
|
|
|
|
%define pki_ra_version 10.0.0
|
|
|
|
|
%define pki_tks_version 10.0.0
|
|
|
|
|
%define pki_tps_version 10.0.0
|
|
|
|
|
%define pki_console_version 10.0.0
|
2012-10-23 20:58:26 +00:00
|
|
|
%define tomcatjss_version 7.0.0-3
|
2011-10-31 01:09:24 +00:00
|
|
|
%else
|
2011-09-13 11:05:54 +00:00
|
|
|
%if 0%{?fedora} >= 16
|
2012-09-14 19:23:52 +00:00
|
|
|
%define dogtag_pki_theme_version 10.0.0
|
2011-09-13 11:05:54 +00:00
|
|
|
%define esc_version 1.1.0
|
2012-09-14 19:23:52 +00:00
|
|
|
%define jss_version 4.2.6-24
|
|
|
|
|
%define pki_core_version 10.0.0
|
|
|
|
|
%define pki_kra_version 10.0.0
|
|
|
|
|
%define pki_ocsp_version 10.0.0
|
|
|
|
|
%define pki_ra_version 10.0.0
|
|
|
|
|
%define pki_tks_version 10.0.0
|
|
|
|
|
%define pki_tps_version 10.0.0
|
|
|
|
|
%define pki_console_version 10.0.0
|
2011-10-31 01:09:24 +00:00
|
|
|
%define tomcatjss_version 6.0.2
|
|
|
|
|
%else
|
2012-09-14 19:23:52 +00:00
|
|
|
%define dogtag_pki_theme_version 10.0.0
|
2011-09-13 11:05:54 +00:00
|
|
|
%define esc_version 1.1.0
|
2012-09-14 19:23:52 +00:00
|
|
|
%define jss_version 4.2.6-24
|
|
|
|
|
%define pki_core_version 10.0.0
|
|
|
|
|
%define pki_kra_version 10.0.0
|
|
|
|
|
%define pki_ocsp_version 10.0.0
|
|
|
|
|
%define pki_ra_version 10.0.0
|
|
|
|
|
%define pki_tks_version 10.0.0
|
|
|
|
|
%define pki_tps_version 10.0.0
|
|
|
|
|
%define pki_console_version 10.0.0
|
2011-09-13 11:05:54 +00:00
|
|
|
%define tomcatjss_version 2.0.0
|
2011-03-27 04:19:26 +00:00
|
|
|
%endif
|
2011-10-31 01:09:24 +00:00
|
|
|
%endif
|
|
|
|
|
%endif
|
2011-03-24 05:16:52 +00:00
|
|
|
|
2012-09-14 19:23:52 +00:00
|
|
|
Requires: apache-commons-codec
|
|
|
|
|
|
2011-09-13 11:05:54 +00:00
|
|
|
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
|
|
# of ALL top-level Dogtag PKI support packages
|
|
|
|
|
Requires: jss >= %{jss_version}
|
|
|
|
|
Requires: tomcatjss >= %{tomcatjss_version}
|
|
|
|
|
|
2011-03-24 05:16:52 +00:00
|
|
|
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
|
|
# of ALL top-level Dogtag PKI support javadocs
|
2011-09-13 11:05:54 +00:00
|
|
|
Requires: jss-javadoc >= %{jss_version}
|
2011-03-24 05:16:52 +00:00
|
|
|
|
|
|
|
|
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
|
|
# of ALL Dogtag PKI theme packages
|
2011-09-13 11:05:54 +00:00
|
|
|
Requires: dogtag-pki-ca-theme >= %{dogtag_pki_theme_version}
|
|
|
|
|
Requires: dogtag-pki-common-theme >= %{dogtag_pki_theme_version}
|
|
|
|
|
Requires: dogtag-pki-console-theme >= %{dogtag_pki_theme_version}
|
|
|
|
|
Requires: dogtag-pki-kra-theme >= %{dogtag_pki_theme_version}
|
|
|
|
|
Requires: dogtag-pki-ocsp-theme >= %{dogtag_pki_theme_version}
|
|
|
|
|
Requires: dogtag-pki-ra-theme >= %{dogtag_pki_theme_version}
|
|
|
|
|
Requires: dogtag-pki-tks-theme >= %{dogtag_pki_theme_version}
|
|
|
|
|
Requires: dogtag-pki-tps-theme >= %{dogtag_pki_theme_version}
|
2011-03-24 05:16:52 +00:00
|
|
|
|
|
|
|
|
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
|
|
# of ALL Dogtag PKI core packages
|
2011-09-13 11:05:54 +00:00
|
|
|
Requires: pki-ca >= %{pki_core_version}
|
2012-09-14 19:23:52 +00:00
|
|
|
Requires: pki-server >= %{pki_core_version}
|
|
|
|
|
Requires: pki-tools >= %{pki_core_version}
|
2011-09-13 11:05:54 +00:00
|
|
|
Requires: pki-symkey >= %{pki_core_version}
|
2012-09-14 19:23:52 +00:00
|
|
|
Requires: pki-base >= %{pki_core_version}
|
2011-03-24 05:16:52 +00:00
|
|
|
|
2012-10-23 20:58:26 +00:00
|
|
|
%if 0%{?fedora} <= 17
|
|
|
|
|
Requires: pki-selinux >= %{pki_core_version}
|
|
|
|
|
%else
|
|
|
|
|
Requires: selinux-policy-base >= 3.11.1-43
|
|
|
|
|
%endif
|
|
|
|
|
|
2011-03-24 05:16:52 +00:00
|
|
|
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
|
|
# of ALL Dogtag PKI core javadocs
|
2012-10-01 20:09:07 +00:00
|
|
|
Requires: pki-javadoc >= %{pki_core_version}
|
2011-03-24 05:16:52 +00:00
|
|
|
|
|
|
|
|
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
|
|
# of ALL other Dogtag PKI subsystems
|
2011-09-13 11:05:54 +00:00
|
|
|
Requires: pki-kra >= %{pki_kra_version}
|
|
|
|
|
Requires: pki-ocsp >= %{pki_ocsp_version}
|
|
|
|
|
Requires: pki-ra >= %{pki_ra_version}
|
|
|
|
|
Requires: pki-tks >= %{pki_tks_version}
|
|
|
|
|
Requires: pki-tps >= %{pki_tps_version}
|
2011-03-24 05:16:52 +00:00
|
|
|
|
|
|
|
|
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
|
|
# of Dogtag PKI console
|
2011-09-13 11:05:54 +00:00
|
|
|
Requires: pki-console >= %{pki_console_version}
|
2011-03-24 05:16:52 +00:00
|
|
|
|
|
|
|
|
# Make certain that this 'meta' package requires the latest version(s)
|
|
|
|
|
# of ALL Dogtag PKI clients
|
2011-09-13 11:05:54 +00:00
|
|
|
Requires: esc >= %{esc_version}
|
2011-03-24 05:16:52 +00:00
|
|
|
|
|
|
|
|
# NOTE: Several PKI packages require a "virtual" theme component. These
|
|
|
|
|
# "virtual" theme components are "Provided" by various theme "flavors"
|
|
|
|
|
# including "dogtag", "redhat", and "ipa". Consequently,
|
|
|
|
|
# all "dogtag", "redhat", and "ipa" theme components MUST be
|
|
|
|
|
# mutually exclusive!
|
|
|
|
|
#
|
|
|
|
|
# On Fedora systems, the "dogtag" theme packages are the ONLY available
|
|
|
|
|
# theme components.
|
|
|
|
|
#
|
|
|
|
|
# Similarly, the "ipa" theme packages are ONLY available on RHEL
|
|
|
|
|
# systems, and represent the default theme components.
|
|
|
|
|
#
|
|
|
|
|
# Alternatively, on RHEL systems, if the "dogtag" theme packages are
|
|
|
|
|
# available as EPEL packages, while they may be used as a transparent
|
|
|
|
|
# replacement for their corresponding "ipa" theme package, they are not
|
|
|
|
|
# intended to be used as a replacement for their corresponding "redhat"
|
|
|
|
|
# theme components.
|
|
|
|
|
#
|
|
|
|
|
# Finally, if available for a RHEL system (e. g. - RHCS subscription),
|
|
|
|
|
# each "redhat" theme package MUST be used as a transparent replacement
|
|
|
|
|
# for its corresponding "ipa" theme package or "dogtag" theme package.
|
|
|
|
|
Obsoletes: ipa-pki
|
|
|
|
|
Conflicts: redhat-pki
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
The Dogtag Public Key Infrastructure (PKI) Suite is comprised of the following
|
|
|
|
|
six subsystems and a client (for use by a Token Management System):
|
|
|
|
|
|
|
|
|
|
* Certificate Authority (CA)
|
|
|
|
|
* Data Recovery Manager (DRM)
|
|
|
|
|
* Online Certificate Status Protocol (OCSP) Manager
|
|
|
|
|
* Registration Authority (RA)
|
|
|
|
|
* Token Key Service (TKS)
|
|
|
|
|
* Token Processing System (TPS)
|
|
|
|
|
* Enterprise Security Client (ESC)
|
|
|
|
|
|
|
|
|
|
Additionally, it provides a console GUI application used for server and
|
|
|
|
|
user/group administration of CA, DRM, OCSP, and TKS, javadocs on portions
|
|
|
|
|
of the Dogtag API, as well as various command-line tools used to assist with
|
|
|
|
|
a PKI deployment.
|
|
|
|
|
|
|
|
|
|
To successfully deploy instances of a CA, DRM, OCSP, or TKS,
|
|
|
|
|
a Tomcat Web Server must be up and running locally on this machine.
|
|
|
|
|
|
|
|
|
|
To successfully deploy instances of an RA, or TPS,
|
|
|
|
|
an Apache Web Server must be up and running locally on this machine.
|
|
|
|
|
|
|
|
|
|
To meet the database storage requirements of each CA, DRM, OCSP, TKS, or TPS
|
|
|
|
|
instance, a 389 Directory Server must be up and running either locally on
|
|
|
|
|
this machine, or remotely over the attached network connection.
|
|
|
|
|
|
|
|
|
|
To meet the database storage requirements of an RA, an SQLite database will
|
|
|
|
|
be created locally on this machine each time a new RA instance is created.
|
|
|
|
|
|
|
|
|
|
After installation of this package, use the 'pkicreate' and 'pkiremove'
|
|
|
|
|
utilities to respectively create and remove PKI instances.
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
cat > README <<EOF
|
|
|
|
|
This package is just a "meta-package" whose dependencies pull in all of the
|
|
|
|
|
packages comprising the Dogtag Public Key Infrastructure (PKI) Suite.
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
rm -rf %{buildroot}
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
%defattr(-,root,root,-)
|
|
|
|
|
%doc README
|
|
|
|
|
|
|
|
|
|
%changelog
|
2012-10-23 20:58:26 +00:00
|
|
|
* Tue Oct 23 2012 Ade Lee <alee@redhat.com> 10.0.0-0.12.b1
|
|
|
|
|
- Remove pki-selinux from f18 build
|
|
|
|
|
|
|
|
|
|
* Fri Oct 12 2012 Ade Lee <alee@redhat.com> 10.0.0-0.11.b1
|
|
|
|
|
- Update tomcatjss version
|
|
|
|
|
|
2012-10-08 17:04:27 +00:00
|
|
|
* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.10.b1
|
|
|
|
|
- Update release to b1
|
|
|
|
|
|
|
|
|
|
* Fri Oct 5 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.10.a2
|
|
|
|
|
- Merged pki-silent into pki-server.
|
|
|
|
|
|
2012-10-01 20:09:07 +00:00
|
|
|
* Mon Oct 1 2012 Ade Lee <alee@redhat.com> 10.0.0-0.9.a2
|
|
|
|
|
- Update release to a2
|
|
|
|
|
|
|
|
|
|
* Mon Sep 24 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.9.a1
|
|
|
|
|
- Merged pki-setup into pki-server
|
|
|
|
|
- Fixed pki-javadoc dependency
|
|
|
|
|
|
2012-09-14 19:23:52 +00:00
|
|
|
* Wed Aug 22 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.8.a1
|
|
|
|
|
- Replaced pki-native-tools and pki-java-tools with pki-tools
|
|
|
|
|
|
|
|
|
|
* Wed Aug 22 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.7.a1
|
|
|
|
|
- Replaced pki-util, pki-deploy, pki-common with pki-base and pki-server
|
|
|
|
|
|
|
|
|
|
* Tue Aug 14 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.6.a1
|
|
|
|
|
- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17
|
|
|
|
|
- Added 'pki-deploy' runtime dependency
|
|
|
|
|
|
|
|
|
|
* Thu Jun 14 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.5.a1
|
|
|
|
|
- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18
|
|
|
|
|
|
|
|
|
|
* Thu Apr 5 2012 Christina Fu <cfu@redhat.com> 10.0.0-0.4.a1
|
|
|
|
|
- Bug 745278 - [RFE] ECC encryption keys cannot be archived
|
|
|
|
|
|
|
|
|
|
* Wed Feb 22 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.3.a1
|
|
|
|
|
- Removed dependency on OSUtil.
|
|
|
|
|
|
|
|
|
|
* Wed Feb 22 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.2.a1
|
|
|
|
|
- Added dependency on Apache Commons Codec.
|
|
|
|
|
|
|
|
|
|
* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
|
|
|
|
|
- Updated package version number
|
2012-01-07 04:18:15 +00:00
|
|
|
|
2011-10-31 01:09:24 +00:00
|
|
|
* Fri Oct 28 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-1
|
|
|
|
|
- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
|
|
|
|
|
(rawhide) . . .
|
|
|
|
|
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
|
|
|
|
|
OCSP, and TKS package installation . . .
|
|
|
|
|
|
|
|
|
|
* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.7-1
|
|
|
|
|
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
|
|
|
|
|
- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
|
|
|
|
|
|
2011-09-13 11:05:54 +00:00
|
|
|
* Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-6
|
|
|
|
|
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
|
|
|
|
|
- Established MINIMUM package versions based upon platform
|
|
|
|
|
|
2011-07-15 23:56:20 +00:00
|
|
|
* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-5
|
|
|
|
|
- Bugzilla Bug #669226 - Remove Legacy Build System
|
|
|
|
|
- Updated release of 'tomcatjss' for Fedora 15
|
|
|
|
|
|
|
|
|
|
* Wed Jul 13 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-4
|
|
|
|
|
- Updated release of 'osutil' for Fedora 15
|
|
|
|
|
- Updated release of 'jss' and 'jss-javadoc'
|
|
|
|
|
|
2011-04-14 19:18:34 +00:00
|
|
|
* Tue Apr 5 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-3
|
|
|
|
|
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
|
|
|
|
|
- Bugzilla Bug #693327 - Missing requires: tomcatjss
|
|
|
|
|
|
2011-03-27 04:19:26 +00:00
|
|
|
* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-2
|
|
|
|
|
- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
|
|
|
|
|
- Require "tomcatjss >= 2.1.1" as a build and runtime requirement
|
|
|
|
|
for Fedora 15 and later platforms
|
|
|
|
|
|
2011-03-24 05:16:52 +00:00
|
|
|
* Wed Mar 23 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
|
|
|
|
|
- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0.
|
