From 2b765aee56e0b822172f9c09ea1ac881a1d5a817 Mon Sep 17 00:00:00 2001
From: Chris Kelley <ckelley@redhat.com>
Date: Fri, 16 Jun 2023 14:09:53 +0100
Subject: [PATCH] Reabase to v11.4.3

---
 .gitignore      |   1 +
 dogtag-pki.spec | 121 ++++++++++++++++++++++++++++--------------------
 sources         |   2 +-
 3 files changed, 74 insertions(+), 50 deletions(-)

diff --git a/.gitignore b/.gitignore
index e3588cd..76101d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@
 /pki-11.2.0-beta2.tar.gz
 /pki-11.2.0.tar.gz
 /pki-11.3.1.tar.gz
+/pki-11.4.3.tar.gz
diff --git a/dogtag-pki.spec b/dogtag-pki.spec
index 8d0caf3..c2680db 100644
--- a/dogtag-pki.spec
+++ b/dogtag-pki.spec
@@ -8,13 +8,13 @@ Name:             dogtag-pki
 
 # Upstream version number:
 %global           major_version 11
-%global           minor_version 3
-%global           update_version 1
+%global           minor_version 4
+%global           update_version 3
 
 # Downstream release number:
 # - development/stabilization (unsupported): 0.<n> where n >= 1
 # - GA/update (supported): <n> where n >= 1
-%global           release_number 2
+%global           release_number 1
 
 # Development phase:
 # - development (unsupported): alpha<n> where n >= 1
@@ -59,12 +59,6 @@ ExcludeArch: i686
 
 %global p11_kit_trust /usr/lib64/pkcs11/p11-kit-trust.so
 
-################################################################################
-# Python
-################################################################################
-
-%global python_executable /usr/bin/python3
-
 ################################################################################
 # Java
 ################################################################################
@@ -151,18 +145,7 @@ BuildRequires:    make
 BuildRequires:    cmake >= 3.0.2
 BuildRequires:    gcc-c++
 BuildRequires:    zip
-BuildRequires:    %{java_devel}
-BuildRequires:    maven-local
-BuildRequires:    javapackages-tools
 
-BuildRequires:    apache-commons-cli
-BuildRequires:    apache-commons-codec
-BuildRequires:    apache-commons-io
-BuildRequires:    apache-commons-lang3 >= 3.2
-BuildRequires:    apache-commons-logging
-BuildRequires:    apache-commons-net
-BuildRequires:    slf4j
-BuildRequires:    slf4j-jdk14
 BuildRequires:    nspr-devel
 BuildRequires:    nss-devel >= 3.36.1
 
@@ -170,11 +153,34 @@ BuildRequires:    openldap-devel
 BuildRequires:    pkgconfig
 BuildRequires:    policycoreutils
 
-BuildRequires:    python3-lxml
-BuildRequires:    python3-sphinx
+# Java build dependencies
+BuildRequires:    %{java_devel}
+BuildRequires:    maven-local
+%if 0%{?fedora}
+BuildRequires:    xmvn-tools
+%endif
+BuildRequires:    javapackages-tools
+BuildRequires:    mvn(commons-cli:commons-cli)
+BuildRequires:    mvn(commons-codec:commons-codec)
+BuildRequires:    mvn(commons-io:commons-io)
+BuildRequires:    mvn(org.apache.commons:commons-lang3)
+BuildRequires:    mvn(commons-logging:commons-logging)
+BuildRequires:    mvn(commons-net:commons-net)
+BuildRequires:    mvn(org.slf4j:slf4j-api)
+BuildRequires:    mvn(org.slf4j:slf4j-jdk14)
+BuildRequires:    mvn(junit:junit)
+BuildRequires:    pki-resteasy >= 3.0.26
+BuildRequires:    jss = 5.4
+BuildRequires:    tomcatjss = 8.4
+BuildRequires:    ldapjdk = 5.4
 
-BuildRequires:    resteasy >= 3.0.26
+%if 0%{?rhel} && ! 0%{?eln}
+BuildRequires:    pki-servlet-engine >= 9.0.31
+%else
+BuildRequires:    tomcat >= 1:9.0.31
+%endif
 
+# Python build dependencies
 BuildRequires:    python3 >= 3.9
 BuildRequires:    python3-devel
 BuildRequires:    python3-setuptools
@@ -184,12 +190,7 @@ BuildRequires:    python3-ldap
 BuildRequires:    python3-libselinux
 BuildRequires:    python3-requests >= 2.6.0
 BuildRequires:    python3-six
-
-BuildRequires:    junit
-BuildRequires:    jpackage-utils >= 0:1.7.5-10
-BuildRequires:    jss = 5.3
-BuildRequires:    tomcatjss = 8.3
-BuildRequires:    ldapjdk = 5.3
+BuildRequires:    python3-sphinx
 
 BuildRequires:    systemd-units
 
@@ -232,12 +233,13 @@ to manage enterprise Public Key Infrastructure deployments.
 
 %{product_name} consists of the following components:
 
-  * Automatic Certificate Management Environment (ACME) Responder
   * Certificate Authority (CA)
   * Key Recovery Authority (KRA)
   * Online Certificate Status Protocol (OCSP) Manager
   * Token Key Service (TKS)
   * Token Processing Service (TPS)
+  * Automatic Certificate Management Environment (ACME) Responder
+  * Enrollment over Secure Transport (EST) Responder
 
 %endif
 
@@ -249,6 +251,7 @@ to manage enterprise Public Key Infrastructure deployments.
 
 Summary:          %{product_name} Package
 %endif
+BuildArch:        noarch
 
 Obsoletes:        pki-symkey < %{version}
 Obsoletes:        %{product_id}-symkey < %{version}
@@ -290,12 +293,13 @@ to manage enterprise Public Key Infrastructure deployments.
 
 %{product_name} consists of the following components:
 
-  * Automatic Certificate Management Environment (ACME) Responder
   * Certificate Authority (CA)
   * Key Recovery Authority (KRA)
   * Online Certificate Status Protocol (OCSP) Manager
   * Token Key Service (TKS)
   * Token Processing Service (TPS)
+  * Automatic Certificate Management Environment (ACME) Responder
+  * Enrollment over Secure Transport (EST) Responder
 
 # with meta
 %endif
@@ -364,21 +368,18 @@ Obsoletes:        %{product_id}-base-java < %{version}-%{release}
 Provides:         %{product_id}-base-java = %{version}-%{release}
 
 Requires:         %{java_headless}
-Requires:         apache-commons-cli
-Requires:         apache-commons-codec
-Requires:         apache-commons-io
-Requires:         apache-commons-lang3 >= 3.2
-Requires:         apache-commons-logging
-Requires:         apache-commons-net
-Requires:         slf4j
-Requires:         slf4j-jdk14
-Requires:         jpackage-utils >= 0:1.7.5-10
-Requires:         jss = 5.3
-Requires:         ldapjdk = 5.3
+Requires:         mvn(commons-cli:commons-cli)
+Requires:         mvn(commons-codec:commons-codec)
+Requires:         mvn(commons-io:commons-io)
+Requires:         mvn(org.apache.commons:commons-lang3)
+Requires:         mvn(commons-logging:commons-logging)
+Requires:         mvn(commons-net:commons-net)
+Requires:         mvn(org.slf4j:slf4j-api)
+Requires:         mvn(org.slf4j:slf4j-jdk14)
+Requires:         jss = 5.4
+Requires:         ldapjdk = 5.4
 Requires:         %{product_id}-base = %{version}-%{release}
-Requires:         resteasy-client >= 3.0.17-1
-Requires:         resteasy-core >= 3.0.17-1
-Requires:         resteasy-jackson2-provider >= 3.0.17-1
+Requires:         pki-resteasy >= 3.0.26
 
 %description -n   %{product_id}-java
 This package provides common and client libraries for Java.
@@ -450,7 +451,7 @@ Requires:         systemd
 Requires(post):   systemd-units
 Requires(postun): systemd-units
 Requires(pre):    shadow-utils
-Requires:         tomcatjss = 8.3
+Requires:         tomcatjss = 8.4
 
 # pki-healthcheck depends on the following library
 %if 0%{?rhel}
@@ -825,6 +826,26 @@ This package provides test suite for %{product_name}.
 # (see /usr/lib/rpm/macros.d/macros.cmake)
 %set_build_flags
 
+# Remove all symbol table and relocation information from the executable.
+C_FLAGS="-s"
+
+%if 0%{?fedora}
+# https://sourceware.org/annobin/annobin.html/Test-gaps.html
+C_FLAGS="$C_FLAGS -fplugin=annobin"
+
+# https://sourceware.org/annobin/annobin.html/Test-cf-protection.html
+C_FLAGS="$C_FLAGS -fcf-protection=full"
+
+# https://sourceware.org/annobin/annobin.html/Test-optimization.html
+C_FLAGS="$C_FLAGS -O2"
+
+# https://sourceware.org/annobin/annobin.html/Test-glibcxx-assertions.html
+C_FLAGS="$C_FLAGS -D_GLIBCXX_ASSERTIONS"
+
+# https://sourceware.org/annobin/annobin.html/Test-lto.html
+C_FLAGS="$C_FLAGS -fno-lto"
+%endif
+
 pkgs=base\
 %{?with_server:,server}\
 %{?with_ca:,ca}\
@@ -854,10 +875,12 @@ pkgs=base\
     --sysconf-dir=%{_sysconfdir} \
     --share-dir=%{_datadir} \
     --cmake=%{__cmake} \
+    --c-flags="$C_FLAGS" \
     --java-home=%{java_home} \
     --jni-dir=%{_jnidir} \
     --unit-dir=%{_unitdir} \
-    --python=%{python_executable} \
+    --python=%{python3} \
+    --python-dir=%{python3_sitelib} \
     --with-pkgs=$pkgs \
     %{?with_console:--with-console} \
     %{!?with_test:--without-test} \
@@ -988,7 +1011,7 @@ fi
 %{_datadir}/pki/examples/java/
 %{_datadir}/pki/lib/*.jar
 %dir %{_javadir}/pki
-%{_javadir}/pki/pki-certsrv.jar
+%{_javadir}/pki/pki-common.jar
 
 ################################################################################
 %files -n python3-%{product_id}
@@ -1109,7 +1132,7 @@ fi
 %dir %{_sysconfdir}/systemd/system/pki-tomcatd-nuxwdog.target.wants
 %attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service
 %attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target
-%{_javadir}/pki/pki-cms.jar
+%{_javadir}/pki/pki-server.jar
 %{_javadir}/pki/pki-tomcat.jar
 %dir %{_sharedstatedir}/pki
 %{_mandir}/man1/pkidaemon.1.gz
diff --git a/sources b/sources
index 9e2c2c7..8618204 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (pki-11.3.1.tar.gz) = 160a3da0c3640a50ffb273c61a0562c5e0259f6b1ff9b09ead409533b18e6940fa91535826d17c5b57166f7394a8e2020cfdd7756acc76c268decc3fc59652df
+SHA512 (pki-11.4.3.tar.gz) = 0d078ba1021c845bc73e31a50b55d43ab9d82bbbcd9a22663dee04c8fa643eb1ee36dacbafe9da2d58dd91114600d1ea70a3375443e90f1598d3fec2fab1f401