From 263c294814caac55acb35943b55602c9d36d5520 Mon Sep 17 00:00:00 2001 From: Dinesh Prasanth M K Date: Tue, 7 May 2019 16:54:45 -0400 Subject: [PATCH] Rebase PKI 10.7.0 Signed-off-by: Dinesh Prasanth M K --- .gitignore | 1 + dogtag-pki.spec | 282 +++++++++++++++--------------------------------- sources | 2 +- 3 files changed, 90 insertions(+), 195 deletions(-) diff --git a/.gitignore b/.gitignore index f6e349f..67dd762 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ /pki-10.6.7.tar.gz /pki-10.6.8.tar.gz /pki-10.6.9.tar.gz +/pki-10.7.0.tar.gz diff --git a/dogtag-pki.spec b/dogtag-pki.spec index c454fdc..999df00 100644 --- a/dogtag-pki.spec +++ b/dogtag-pki.spec @@ -7,8 +7,8 @@ URL: http://www.dogtagpki.org/ # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 -Version: 10.6.9 -Release: 2%{?_timestamp}%{?_commit_id}%{?dist} +Version: 10.7.0 +Release: 1%{?_timestamp}%{?_commit_id}%{?dist} # global _phase -a1 # To create a tarball from a version tag: @@ -239,31 +239,6 @@ BuildRequires: resteasy-core >= 3.0.17-1 BuildRequires: resteasy-jackson2-provider >= 3.0.17-1 %endif -%if 0%{?with_python2} -%if 0%{?rhel} -# no pylint -%else -BuildRequires: pylint -%if 0%{?fedora} && 0%{?fedora} <= 27 -BuildRequires: python-flake8 >= 2.5.4 -BuildRequires: pyflakes >= 1.2.3 -%else -BuildRequires: python2-flake8 >= 2.5.4 -BuildRequires: python2-pyflakes >= 1.2.3 -%endif -%endif -%endif # with_python2 - -%if 0%{?with_python3} -%if 0%{?rhel} -# no pylint -%else -BuildRequires: python3-pylint -BuildRequires: python3-flake8 >= 2.5.4 -BuildRequires: python3-pyflakes >= 1.2.3 -%endif -%endif # with_python3 - %if 0%{?with_python2} BuildRequires: python2 BuildRequires: python2-devel @@ -313,24 +288,16 @@ BuildRequires: jpackage-utils >= 0:1.7.5-10 BuildRequires: jss >= 4.4.0-11 BuildRequires: tomcatjss >= 7.2.1-4 %else -BuildRequires: jss >= 4.5.0-1 -BuildRequires: tomcatjss >= 7.3.6 +BuildRequires: jss >= 4.5.3 +BuildRequires: tomcatjss >= 7.4.0 %endif BuildRequires: systemd-units %if 0%{?rhel} && 0%{?rhel} <= 7 BuildRequires: tomcat >= 7.0.69 %else -%if 0%{?fedora} && 0%{?fedora} <= 27 -BuildRequires: tomcat >= 8.0.49 -%else -%if 0%{?fedora} && 0%{?fedora} <= 28 -BuildRequires: tomcat >= 1:8.5.23 -%else BuildRequires: tomcat >= 1:9.0.7 %endif -%endif -%endif # additional build requirements needed to build native 'tpsclient' # REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app @@ -343,6 +310,13 @@ BuildRequires: systemd BuildRequires: zlib BuildRequires: zlib-devel +# build dependency to build man pages +BuildRequires: go-md2man + +# PKICertImport depends on certutil and openssl +BuildRequires: nss-tools +BuildRequires: openssl + # description for top-level package (if there is a separate meta package) %if "%{name}" != "%{brand}-pki" %description @@ -376,21 +350,22 @@ Requires: %{brand}-pki-console-theme >= %{version} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI core packages -Requires: pki-base-java >= %{version} +Requires: pki-base-java = %{version} %if 0%{?with_python3} -Requires: pki-base-python3 >= %{version} +Requires: pki-base-python3 = %{version} %endif -Requires: pki-tools >= %{version} -Requires: pki-server >= %{version} -Requires: pki-ca >= %{version} -Requires: pki-kra >= %{version} -Requires: pki-ocsp >= %{version} -Requires: pki-tks >= %{version} -Requires: pki-tps >= %{version} +Requires: pki-tools = %{version} +Requires: pki-server = %{version} +Requires: pki-ca = %{version} +Requires: pki-kra = %{version} +Requires: pki-ocsp = %{version} +Requires: pki-tks = %{version} +Requires: pki-tps = %{version} # Make certain that this 'meta' package requires the latest version(s) # of PKI console -Requires: pki-console >= %{version} +Requires: pki-console = %{version} +Requires: pki-javadoc = %{version} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI clients @@ -432,10 +407,16 @@ Requires: jpackage-utils >= 0:1.7.5-10 %if 0%{?rhel} && 0%{?rhel} <= 7 Requires: jss >= 4.4.0-11 %else -Requires: jss >= 4.5.0-1 +Requires: jss >= 4.5.3 %endif Requires: nss >= 3.38.0 +# Ensure we end up with a useful installation +Conflicts: pki-symkey < %{version} +Conflicts: pki-javadoc < %{version} +Conflicts: pki-server-theme < %{version} +Conflicts: pki-console-theme < %{version} + %description -n pki-symkey The PKI Symmetric Key Java Package supplies various native symmetric key operations to Java programs. @@ -449,13 +430,19 @@ BuildArch: noarch Requires: nss >= 3.36.1 %if 0%{?with_python3_default} -Requires: python3-pki = %{version}-%{release} -Requires(post): python3-pki = %{version}-%{release} +Requires: python3-pki = %{version} +Requires(post): python3-pki = %{version} %else -Requires: python2-pki = %{version}-%{release} -Requires(post): python2-pki = %{version}-%{release} +Requires: python2-pki = %{version} +Requires(post): python2-pki = %{version} %endif # with_python3_default +# Ensure we end up with a useful installation +Conflicts: pki-symkey < %{version} +Conflicts: pki-javadoc < %{version} +Conflicts: pki-server-theme < %{version} +Conflicts: pki-console-theme < %{version} + %description -n pki-base The PKI Base Package contains the common and client libraries and utilities written in Python. @@ -469,12 +456,12 @@ Summary: PKI Python 2 Package BuildArch: noarch Obsoletes: pki-base-python2 < %{version} -Provides: pki-base-python2 = %{version}-%{release} +Provides: pki-base-python2 = %{version} %if 0%{?fedora} %{?python_provide:%python_provide python2-pki} %endif -Requires: pki-base >= %{version}-%{release} +Requires: pki-base = %{version} Requires: python2-cryptography %if 0%{?rhel} && 0%{?rhel} <= 7 || 0%{?fedora} && 0%{?fedora} <= 27 Requires: python-nss @@ -500,12 +487,12 @@ Summary: PKI Python 3 Package BuildArch: noarch Obsoletes: pki-base-python3 < %{version} -Provides: pki-base-python3 = %{version}-%{release} +Provides: pki-base-python3 = %{version} %if 0%{?fedora} %{?python_provide:%python_provide python3-pki} %endif -Requires: pki-base >= %{version}-%{release} +Requires: pki-base = %{version} Requires: python3-cryptography Requires: python3-lxml Requires: python3-nss @@ -538,15 +525,14 @@ Requires: slf4j %else Requires: slf4j-jdk14 %endif -Requires: javassist Requires: jpackage-utils >= 0:1.7.5-10 %if 0%{?rhel} && 0%{?rhel} <= 7 Requires: jss >= 4.4.0-11 %else -Requires: jss >= 4.5.0-1 +Requires: jss >= 4.5.3 %endif Requires: ldapjdk >= 4.20 -Requires: pki-base >= %{version}-%{release} +Requires: pki-base = %{version} %if 0%{?rhel} && 0%{?rhel} <= 7 # 'resteasy-base' is a subset of the complete set of @@ -583,7 +569,11 @@ Summary: PKI Tools Package Requires: openldap-clients Requires: nss-tools >= 3.36.1 -Requires: pki-base-java >= %{version}-%{release} +Requires: pki-base-java = %{version} + +# PKICertImport depends on certutil and openssl +Requires: nss-tools +Requires: openssl %description -n pki-tools This package contains PKI executables that can be used to help make @@ -610,9 +600,10 @@ Requires: openssl >= 1.0.2k-11 %else Requires: openssl %endif -Requires: pki-symkey >= %{version}-%{release} -Requires: pki-base-java >= %{version}-%{release} -Requires: pki-tools >= %{version}-%{release} +Requires: pki-symkey = %{version} +Requires: pki-tools = %{version} + +Requires: keyutils %if 0%{?rhel} && 0%{?rhel} <= 7 # no policycoreutils-python-utils @@ -667,7 +658,7 @@ Requires(pre): shadow-utils %if 0%{?rhel} && 0%{?rhel} <= 7 Requires: tomcatjss >= 7.2.1-4 %else -Requires: tomcatjss >= 7.3.6 +Requires: tomcatjss >= 7.4.0 %endif # https://pagure.io/freeipa/issue/7742 @@ -693,7 +684,7 @@ following PKI subsystems: Summary: PKI CA Package BuildArch: noarch -Requires: pki-server >= %{version}-%{release} +Requires: pki-server = %{version} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -717,7 +708,7 @@ where it obtains its own signing certificate from a public CA. Summary: PKI KRA Package BuildArch: noarch -Requires: pki-server >= %{version}-%{release} +Requires: pki-server = %{version} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -747,7 +738,7 @@ since such archival would undermine non-repudiation properties of signing keys. Summary: PKI OCSP Package BuildArch: noarch -Requires: pki-server >= %{version}-%{release} +Requires: pki-server = %{version} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -784,7 +775,7 @@ whenever they are issued or updated. Summary: PKI TKS Package BuildArch: noarch -Requires: pki-server >= %{version}-%{release} +Requires: pki-server = %{version} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -814,7 +805,7 @@ behind the firewall with restricted access. Summary: PKI TPS Package -Requires: pki-server >= %{version}-%{release} +Requires: pki-server = %{version} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -855,6 +846,12 @@ smart card. Summary: PKI Javadoc Package BuildArch: noarch +# Ensure we end up with a useful installation +Conflicts: pki-base < %{version} +Conflicts: pki-symkey < %{version} +Conflicts: pki-server-theme < %{version} +Conflicts: pki-console-theme < %{version} + %description -n pki-javadoc This package contains PKI API documentation. @@ -871,8 +868,8 @@ BuildArch: noarch BuildRequires: idm-console-framework >= 1.2.0 Requires: idm-console-framework >= 1.2.0 -Requires: pki-base-java >= %{version} -Requires: pki-console-theme >= %{version} +Requires: pki-base-java = %{version} +Requires: pki-console-theme = %{version} %description -n pki-console The PKI Console is a Java application used to administer PKI server. @@ -893,7 +890,13 @@ following "Mutually-Exclusive" PKI Theme packages: Summary: Dogtag PKI Server Theme Package BuildArch: noarch -Provides: pki-server-theme = %{version}-%{release} +Provides: pki-server-theme = %{version} + +# Ensure we end up with a useful installation +Conflicts: pki-base < %{version} +Conflicts: pki-symkey < %{version} +Conflicts: pki-console-theme < %{version} +Conflicts: pki-javadoc < %{version} %description -n %{brand}-pki-server-theme This PKI Server Theme Package contains @@ -906,7 +909,13 @@ Dogtag textual and graphical user interface for PKI Server. Summary: Dogtag PKI Console Theme Package BuildArch: noarch -Provides: pki-console-theme = %{version}-%{release} +Provides: pki-console-theme = %{version} + +# Ensure we end up with a useful installation +Conflicts: pki-base < %{version} +Conflicts: pki-symkey < %{version} +Conflicts: pki-server-theme < %{version} +Conflicts: pki-javadoc < %{version} %description -n %{brand}-pki-console-theme This PKI Console Theme Package contains @@ -1005,7 +1014,6 @@ EOF %if 0%{?rhel} && 0%{?rhel} <= 7 # no link customization %else - rm -f %{buildroot}%{_datadir}/pki/lib/scannotation.jar ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar %endif @@ -1046,8 +1054,6 @@ mv %{buildroot}%{_datadir}/pki/server/upgrade/10.5.5/01-AddTPSExternalRegISEtoke # Customize server common library links in /usr/share/pki/server/common/lib %if 0%{?fedora} || 0%{?rhel} > 7 - rm -f %{buildroot}%{_datadir}/pki/server/common/lib/scannotation.jar - rm -f %{buildroot}%{_datadir}/pki/server/common/lib/resteasy-jaxrs-api.jar ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar @@ -1078,56 +1084,6 @@ fi rm -f %{buildroot}%{_datadir}/pki/server/lib/slf4j-jdk14.jar %endif -%if 0%{?rhel} -# no pylint -%else - -################################################################################ -echo "Scanning Python code with pylint" -################################################################################ - -%if 0%{?with_python3_default} -%{__python3} ../tools/pylint-build-scan.py rpm --prefix %{buildroot} -if [ $? -ne 0 ]; then - echo "pylint for Python 3 failed. RC: $?" - exit 1 -fi -%else -%{__python2} ../tools/pylint-build-scan.py rpm --prefix %{buildroot} -if [ $? -ne 0 ]; then - echo "pylint for Python 2 failed. RC: $?" - exit 1 -fi - -%{__python2} ../tools/pylint-build-scan.py rpm --prefix %{buildroot} -- --py3k -if [ $? -ne 0 ]; then - echo "pylint for Python 2 with --py3k failed. RC: $?" - exit 1 -fi -%endif # with_python3_default - -################################################################################ -echo "Scanning Python code with flake8" -################################################################################ - -%if 0%{?with_python2} -flake8 --config ../tox.ini %{buildroot} -if [ $? -ne 0 ]; then - echo "flake8 for Python 2 failed. RC: $?" - exit 1 -fi -%endif # with_python2 - -%if 0%{?with_python3} -python3-flake8 --config ../tox.ini %{buildroot} -if [ $? -ne 0 ]; then - echo "flake8 for Python 3 failed. RC: $?" - exit 1 -fi -%endif # with_python3 - -%endif - %endif # with server %if %{with base} @@ -1350,6 +1306,7 @@ fi %{_bindir}/OCSPClient %{_bindir}/PKCS10Client %{_bindir}/PKCS12Export +%{_bindir}/PKICertImport %{_bindir}/PrettyPrintCert %{_bindir}/PrettyPrintCrl %{_bindir}/TokenInfo @@ -1368,13 +1325,13 @@ fi %{_mandir}/man1/PrettyPrintCrl.1.gz %{_mandir}/man1/pki.1.gz %{_mandir}/man1/pki-audit.1.gz +%{_mandir}/man1/pki-ca-cert.1.gz %{_mandir}/man1/pki-ca-kraconnector.1.gz %{_mandir}/man1/pki-ca-profile.1.gz -%{_mandir}/man1/pki-cert.1.gz %{_mandir}/man1/pki-client.1.gz %{_mandir}/man1/pki-group.1.gz %{_mandir}/man1/pki-group-member.1.gz -%{_mandir}/man1/pki-key.1.gz +%{_mandir}/man1/pki-kra-key.1.gz %{_mandir}/man1/pki-pkcs12-cert.1.gz %{_mandir}/man1/pki-pkcs12-key.1.gz %{_mandir}/man1/pki-pkcs12.1.gz @@ -1384,6 +1341,7 @@ fi %{_mandir}/man1/pki-user-cert.1.gz %{_mandir}/man1/pki-user-membership.1.gz %{_mandir}/man1/PKCS10Client.1.gz +%{_mandir}/man1/PKICertImport.1.gz %endif # with base @@ -1580,69 +1538,5 @@ fi ################################################################################ %changelog -* Thu Jan 31 2019 Fedora Release Engineering - 10.6.9-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Tue Jan 15 2019 Dogtag PKI Team - 10.6.9-1 -- Rebased to PKI 10.6.9 - -* Tue Dec 04 2018 Dogtag PKI Team - 10.6.8-3 -- Conflict older PKI versions - -* Tue Dec 04 2018 Dogtag PKI Team - 10.6.8-2 -- Updated internal dependency versions - -* Fri Nov 30 2018 Dogtag PKI Team - 10.6.8-1 -- Rebased to PKI 10.6.8 - -* Mon Aug 13 2018 Dogtag PKI Team - 10.6.7-1 -- Rebased to PKI 10.6.7 - -* Mon Aug 13 2018 Dogtag PKI Team - 10.6.6-1 -- Rebased to PKI 10.6.6 - -* Wed Aug 08 2018 Dogtag PKI Team - 10.6.5-1 -- Rebased to PKI 10.6.5 - -* Fri Jul 20 2018 Dogtag PKI Team - 10.6.4-1 -- Rebased to PKI 10.6.4 - -* Thu Jul 12 2018 Fedora Release Engineering - 10.6.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Thu Jul 05 2018 Dogtag PKI Team - 10.6.3-1 -- Rebased to PKI 10.6.3 - -* Fri Jun 15 2018 Dogtag PKI Team - 10.6.2-1 -- Rebased to PKI 10.6.2 - -* Wed May 30 2018 Dogtag PKI Team - 10.6.1-3 -- Updated JSS dependency -- Updated Tomcat dependency -- Fixed rpmlint warnings - -* Fri May 04 2018 Dogtag PKI Team - 10.6.1-2 -- Bugzilla #1574711: pki-tools cannot be installed on current Rawhide -- Fixed rpmlint warnings - -* Thu May 03 2018 Dogtag PKI Team - 10.6.1-1 -- Rebased to PKI 10.6.1 -- Bugzilla #1559047: pki-core misses a dependency to pki-symkey -- Bugzilla #1573094: FreeIPA external CA installation fails - -* Thu May 03 2018 Dogtag PKI Team - 10.6.1-1 -- Rebased to PKI 10.6.1 -- Bugzilla #1559047: pki-core misses a dependency to pki-symkey - -* Mon Apr 09 2018 Dogtag PKI Team - 10.6.0-1 -- Updated project URL -- Cleaned up spec file -- Fixed README location -- Rebased to PKI 10.6.0 final - -* Thu Mar 29 2018 Dogtag PKI Team - 10.6.0-0.3 -- Rebased to PKI 10.6.0 beta2 - -* Thu Mar 15 2018 Dogtag PKI Team - 10.6.0-0.2 -- Rebased to PKI 10.6.0 beta - +* Tue May 07 2019 Dogtag PKI Team - 10.7.0-1 +- Rebased to PKI 10.7.0 diff --git a/sources b/sources index 39681f2..ef918c2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pki-10.6.9.tar.gz) = 093a34b6d3b6c36bfa620be653207ed43d345fa7bb2bf704cf306905247e2cb2cd71502c5f02acb2bebd18879a011b62e415236cc9b1db20709d3a51863ee65b +SHA512 (pki-10.7.0.tar.gz) = 7f6a2abf9ba72da1048349da8dedc7d2897dd7fe70d5dee31b13f63e8cecf9f865ecfb56570b7c2e5827e9ea1a180cf9321a8e4a33895b753915e1c8caaeb2f8